Lucene search
+L

77 matches found

CVE
CVE
added 2015/06/22 7:0 p.m.136 views

CVE-2015-3237

The CVE-2015-3237 issue affects curl/libcurl 7.40.0–7.42.1. In the smb_request_state() handler, two length and offset values parsed from network data are used without proper boundary checks, enabling a remote SMB server to read memory contents or trigger a crash. Impacts include information discl...

6.4CVSS8.1AI score0.09334EPSS
Exploits0References11Affected Software2
ArchLinux
ArchLinux
added 2015/06/22 12:0 a.m.51 views

curl: information leakage

CVE-2015-3236 lingering HTTP credentials in connection re-use: libcurl can wrongly send HTTP credentials when re-using connections. libcurl allows applications to set credentials for the upcoming transfer with HTTP Basic authentication, like with CURLOPTUSERPWD for example. Name and password...

6.4CVSS0.1AI score0.09334EPSS
Exploits0References4
Kaspersky
Kaspersky
added 2015/06/22 12:0 a.m.57 views

KLA10618 Information disclosure vulnerability in cURL

Multiple serious vulnerabilities have been found in cURL. Malicious users can exploit these vulnerabilities to obtain sensitive information. Below is a complete list of vulnerabilities 1. An unknown vulnerability related to SMB can be exploited remotely via specially designed length and offset...

6.4CVSS9AI score0.09334EPSS
Exploits0References4
ALT Linux
ALT Linux
added 2015/06/19 12:0 a.m.79 views

Security fix for the ALT Linux 8 package curl version 7.43.0-alt1

June 19, 2015 Anton Farygin 7.43.0-alt1 - new version, with fixes for CVE-2015-3236, CVE-2015-3237...

6.4CVSS7.1AI score0.09334EPSS
Exploits0
Amazon
Amazon
added 2015/06/18 12:0 a.m.49 views

Medium: curl

Issue Overview: As discussed upstream http://curl.haxx.se/docs/adv20150617A.html, libcurl can wrongly send HTTP credentials when re-using connections. CVE-2015-3236 Also discussed upstream http://curl.haxx.se/docs/adv20150617B.html, libcurl can get tricked by a malicious SMB server to send off da...

6.4CVSS8.9AI score0.09334EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/04/27 12:0 a.m.43 views

Debian DSA-3237-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2014-8159 It was found that the Linux kernel's InfiniBand/RDMA subsystem did not properly sanitize input parameters while registering memory...

9.3CVSS7AI score0.10108EPSS
Exploits1References29
OpenVAS
OpenVAS
added 2015/04/26 12:0 a.m.45 views

Debian Security Advisory DSA 3237-1 (linux - security update)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2014-8159 It was found that the Linux kernel OpenVAS Vulnerability Test $Id: deb3237.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from...

9.3CVSS0.7AI score0.10108EPSS
Exploits1References1
OSV
OSV
added 2013/04/22 11:41 a.m.6 views

CVE-2013-3237

The vsockstreamsendmsg function in net/vmwvsock/afvsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

5.8AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2013/04/22 11:41 a.m.36 views

CVE-2013-3237

The vsockstreamsendmsg function in net/vmwvsock/afvsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

4.9CVSS5.9AI score0.00388EPSS
Exploits0References5
OSV
OSV
added 2013/04/22 11:41 a.m.4 views

BELL-CVE-2013-3237 CVE-2013-3237 does not affect BellSoft software

Bulletin has no description...

4.9CVSS5.8AI score0.00388EPSS
Exploits0References1
CVE
CVE
added 2013/04/22 10:0 a.m.62 views

CVE-2013-3237

CVE-2013-3237 affects the Linux kernel’s vsock_stream_sendmsg in net/vmw_vsock/af_vsock.c, where a length variable is not initialized prior to use. This can allow local users to read sensitive data from kernel stack memory via crafted recvmsg/recvfrom syscalls. The issue is linked to the kernel v...

4.9CVSS6.8AI score0.00388EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2013/04/22 10:0 a.m.59 views

CVE-2013-3237

The vsockstreamsendmsg function in net/vmwvsock/afvsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

4.9CVSS3.1AI score0.00388EPSS
Exploits0
securityvulns
securityvulns
added 2011/10/15 12:0 a.m.133 views

APPLE-SA-2011-10-12-4 Safari 5.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-4 Safari 5.1.1 Safari 5.1.1 is now available and addresses the following: Safari Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact:...

9.3CVSS9.6AI score0.50213EPSS
Exploits15
UbuntuCve
UbuntuCve
added 2011/10/12 6:55 p.m.28 views

CVE-2011-3237

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1...

7.6CVSS6.2AI score0.0268EPSS
Exploits1References1
CVE
CVE
added 2011/10/12 6:0 p.m.72 views

CVE-2011-3237

CVE-2011-3237 affects WebKit as used by Apple iTunes before version 10.5. The vulnerability allows a man-in-the-middle attacker to execute arbitrary code or cause a denial of service (memory corruption and application crash) via iTunes Store browsing-related vectors. The connected Nessus entry no...

7.6CVSS7.5AI score0.0268EPSS
Exploits1References10Affected Software2
Tenable Nessus
Tenable Nessus
added 2010/10/20 12:0 a.m.31 views

MS10-079 / MS10-080 : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2293194 / 2293211) (Mac OS X)

The remote Mac OS X host is running a version of Microsoft Office that is affected by multiple remote code execution vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted Word, Excel, or Lotus 1-2-3 file, these issues could be leveraged to execute...

9.3CVSS6.8AI score0.24787EPSS
Exploits2References12
securityvulns
securityvulns
added 2010/10/16 12:0 a.m.48 views

VUPEN Security Research - Microsoft Office Excel Merge Cell Record Invalid Pointer Vulnerability (CVE-2010-3237)

VUPEN Security Research - Microsoft Office Excel Merge Cell Record Invalid Pointer Vulnerability CVE-2010-3237 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- Microsoft Office Excel is a powerful tool you can use to create and format spreadsheets, and analyze and sha...

9.3CVSS7.5AI score0.21413EPSS
Exploits0
CVE
CVE
added 2010/10/13 6:0 p.m.73 views

CVE-2010-3237

CVE-2010-3237 is a vulnerability in Microsoft Excel (affecting Excel 2002 SP3 and Office for Mac 2004) where parsing of the Merge Cell record can be exploited to execute arbitrary code. The root cause is improper handling/validation of Merge Cell Records in Excel file formats, enabling remote cod...

9.3CVSS7.5AI score0.21413EPSS
Exploits0References3Affected Software2
Symantec
Symantec
added 2010/10/12 12:0 a.m.30 views

Microsoft Excel Merge Cell Record Pointer (CVE-2010-3237) Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...

9.3CVSS1.1AI score0.21413EPSS
Exploits0Affected Software2
Tenable Nessus
Tenable Nessus
added 2010/07/01 12:0 a.m.49 views

Fedora 12 : horde-3.3.6-1.fc12 (2010-5520)

Upgrade to 3.3.6 - Fixes a lot of security bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

6.4CVSS5.3AI score0.41263EPSS
Exploits21References18
Rows per page
Query Builder