102 matches found
CVE-2017-3377
Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2017-3377
Technical details about CVE-2017-3377 are not publicly provided in the supplied documents; monitor for updates.
CVE-2016-3350
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3377...
CVE-2016-3377
CVE-2016-3377 affects the Chakra JavaScript engine in Microsoft Edge. The vulnerability involves memory corruption in the scripting engine when handling objects, exploitable by remote attackers via a crafted website, potentially enabling remote code execution or a denial-of-service. Connected doc...
Microsoft Edge CVE-2016-3377 Scripting Engine Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Faile...
MS16-105: Cumulative Security Update for Microsoft Edge (3183043)
The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3183043. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these...
CVE-2014-3377
CVE-2014-3377 affects Cisco IOS XR 5.1 and earlier and stems from improper parsing of a malformed SNMPv2 packet in the snmpd daemon. An authenticated, remote attacker can cause a denial of service (reload of snmpd). Cisco’s advisory confirms a vulnerability and that software updates are available...
openSUSE Security Update : icedtea-web (openSUSE-SU-2011:1251-1)
Update to version 1.1.4 of icedtea-web to fix the following issues : - CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass - PR778: Jar download and server certificate verification deadlock %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...
openSUSE Security Update : icedtea-web (openSUSE-SU-2011:1251-1)
Update to version 1.1.4 of icedtea-web to fix the following issues : - CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass - PR778: Jar download and server certificate verification deadlock %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...
openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0371-1)
update to 1.2 - New features : - Signed JNLP support - Support for client authentication certificates - Cache size enforcement now supported via itweb-settings - Applet parameter passing through JNLP files now supported - Better icons for access warning dialog - Security Dialog UI revamped to...
CVE-2011-3377
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...
CVE-2011-3377
CVE-2011-3377 affects the IcedTea-Web web browser plugin. The vulnerability is a Same Origin Policy bypass in applets whose origin shares the same second-level domain as the target but uses a different sub-domain. Affected are IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4. This bypass can...
Oracle Linux 4 : perl-Net-DNS (ELSA-2007-0675)
From Red Hat Security Advisory 2007:0675 : An updated perl-Net-DNS package that corrects a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Net::DNS is a collection of Perl modules...
CVE-2013-3377
CVE-2013-3377 affects Cisco TelePresence TC Software prior to 5.1.7 and TE Software prior to 4.1.3. The vulnerability allows remote attackers to cause a DoS (device reload) by sending crafted SIP packets (Bug ID CSCue01743). Cisco’s advisory (cisco-sa-20130619-tpc) confirms two SIP-related DoS vu...
Scientific Linux Security Update : perl-Net-DNS on SL3.0.x, SL4.x, SL5.x i386/x86_64
A flaw was found in the way Net::DNS generated the ID field in a DNS query. This predictable ID field could be used by a remote attacker to return invalid DNS data. CVE-2007-3377 A denial of service flaw was found in the way Net::DNS parsed certain DNS requests. A malformed response to a DNS...
Scientific Linux Security Update : icedtea-web on SL6.x i386/x86_64
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was found in the same-origin policy...
CVE-2012-3377
Heap-based buffer overflow in the OggDecodePacket function in the OGG demuxer modules/demux/ogg.c in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted OGG file...
CVE-2012-3377
Heap-based buffer overflow in the OggDecodePacket function in the OGG demuxer modules/demux/ogg.c in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted OGG file...
CVE-2012-3377
VLC media player < 2.0.2 is vulnerable to a heap-based buffer overflow in the OGG demuxer. The flaw occurs in the Ogg_DecodePacket function (modules/demux/ogg.c) and can allow a remote attacker to cause a crash (DoS) and potentially execute arbitrary code via a crafted OGG file. Affected produ...
VLC Media Player 'OGG'文件远程堆缓冲区溢出漏洞
BUGTRAQ ID: 54345 CVE ID: CVE-2012-3377 VLC Media Player是多媒体播放器(最初命名为VideoLAN客户端)是VideoLAN计划的多媒体播放器。 VLC Media Player 2.0.2在处理OGG容器文件时,"OggDecodePacket"函数modules/demux/ogg.c存在边界错误,通过特制的OGG文件可造成堆缓冲区溢出,执行任意代码。 0 VideoLAN VLC Media Player 2.x 厂商补丁: VideoLAN -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...