Lucene search
+L

102 matches found

NVD
NVD
added 2017/01/27 10:59 p.m.20 views

CVE-2017-3377

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...

8.2CVSS8.2AI score0.01416EPSS
Exploits0References2
CVE
CVE
added 2017/01/27 10:1 p.m.58 views

CVE-2017-3377

Technical details about CVE-2017-3377 are not publicly provided in the supplied documents; monitor for updates.

8.2CVSS8.3AI score0.01416EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/09/14 10:0 a.m.33 views

CVE-2016-3350

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3377...

7.8AI score0.15398EPSS
Exploits0References3
CVE
CVE
added 2016/09/14 10:0 a.m.84 views

CVE-2016-3377

CVE-2016-3377 affects the Chakra JavaScript engine in Microsoft Edge. The vulnerability involves memory corruption in the scripting engine when handling objects, exploitable by remote attackers via a crafted website, potentially enabling remote code execution or a denial-of-service. Connected doc...

7.6CVSS7.7AI score0.16166EPSS
Exploits0References3Affected Software1
Symantec
Symantec
added 2016/09/13 12:0 a.m.41 views

Microsoft Edge CVE-2016-3377 Scripting Engine Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Faile...

7.6CVSS0.9AI score0.16166EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/09/13 12:0 a.m.41 views

MS16-105: Cumulative Security Update for Microsoft Edge (3183043)

The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3183043. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these...

8.8CVSS7AI score0.71478EPSS
Exploits6References13
CVE
CVE
added 2014/09/20 10:0 a.m.47 views

CVE-2014-3377

CVE-2014-3377 affects Cisco IOS XR 5.1 and earlier and stems from improper parsing of a malformed SNMPv2 packet in the snmpd daemon. An authenticated, remote attacker can cause a denial of service (reload of snmpd). Cisco’s advisory confirms a vulnerability and that software updates are available...

4CVSS6.4AI score0.01386EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.29 views

openSUSE Security Update : icedtea-web (openSUSE-SU-2011:1251-1)

Update to version 1.1.4 of icedtea-web to fix the following issues : - CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass - PR778: Jar download and server certificate verification deadlock %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

5.1CVSS5.3AI score0.02653EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.27 views

openSUSE Security Update : icedtea-web (openSUSE-SU-2011:1251-1)

Update to version 1.1.4 of icedtea-web to fix the following issues : - CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass - PR778: Jar download and server certificate verification deadlock %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

5.1CVSS5.3AI score0.02653EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.27 views

openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0371-1)

update to 1.2 - New features : - Signed JNLP support - Support for client authentication certificates - Cache size enforcement now supported via itweb-settings - Applet parameter passing through JNLP files now supported - Better icons for access warning dialog - Security Dialog UI revamped to...

4.3CVSS5.4AI score0.02217EPSS
Exploits0References5
OSV
OSV
added 2014/02/05 7:55 p.m.13 views

CVE-2011-3377

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...

9.6AI score
Exploits0References9
CVE
CVE
added 2014/02/05 7:0 p.m.141 views

CVE-2011-3377

CVE-2011-3377 affects the IcedTea-Web web browser plugin. The vulnerability is a Same Origin Policy bypass in applets whose origin shares the same second-level domain as the target but uses a different sub-domain. Affected are IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4. This bypass can...

4.3CVSS7AI score0.02217EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.17 views

Oracle Linux 4 : perl-Net-DNS (ELSA-2007-0675)

From Red Hat Security Advisory 2007:0675 : An updated perl-Net-DNS package that corrects a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Net::DNS is a collection of Perl modules...

4.3CVSS5.3AI score0.02049EPSS
Exploits1References2
CVE
CVE
added 2013/06/21 10:0 a.m.61 views

CVE-2013-3377

CVE-2013-3377 affects Cisco TelePresence TC Software prior to 5.1.7 and TE Software prior to 4.1.3. The vulnerability allows remote attackers to cause a DoS (device reload) by sending crafted SIP packets (Bug ID CSCue01743). Cisco’s advisory (cisco-sa-20130619-tpc) confirms two SIP-related DoS vu...

7.8CVSS6.8AI score0.01887EPSS
Exploits0References1Affected Software13
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.31 views

Scientific Linux Security Update : perl-Net-DNS on SL3.0.x, SL4.x, SL5.x i386/x86_64

A flaw was found in the way Net::DNS generated the ID field in a DNS query. This predictable ID field could be used by a remote attacker to return invalid DNS data. CVE-2007-3377 A denial of service flaw was found in the way Net::DNS parsed certain DNS requests. A malformed response to a DNS...

7.5CVSS7AI score0.03489EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.35 views

Scientific Linux Security Update : icedtea-web on SL6.x i386/x86_64

The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was found in the same-origin policy...

4.3CVSS5.3AI score0.02217EPSS
Exploits0References2
OSV
OSV
added 2012/07/12 9:55 p.m.11 views

CVE-2012-3377

Heap-based buffer overflow in the OggDecodePacket function in the OGG demuxer modules/demux/ogg.c in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted OGG file...

7.8AI score
Exploits0References7
Cvelist
Cvelist
added 2012/07/12 9:0 p.m.30 views

CVE-2012-3377

Heap-based buffer overflow in the OggDecodePacket function in the OGG demuxer modules/demux/ogg.c in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted OGG file...

7.7AI score0.03803EPSS
Exploits1References7
CVE
CVE
added 2012/07/12 9:0 p.m.66 views

CVE-2012-3377

VLC media player < 2.0.2 is vulnerable to a heap-based buffer overflow in the OGG demuxer. The flaw occurs in the Ogg_DecodePacket function (modules/demux/ogg.c) and can allow a remote attacker to cause a crash (DoS) and potentially execute arbitrary code via a crafted OGG file. Affected produ...

6.8CVSS7.9AI score0.03803EPSS
Exploits1References7Affected Software1
seebug.org
seebug.org
added 2012/07/10 12:0 a.m.26 views

VLC Media Player 'OGG'文件远程堆缓冲区溢出漏洞

BUGTRAQ ID: 54345 CVE ID: CVE-2012-3377 VLC Media Player是多媒体播放器(最初命名为VideoLAN客户端)是VideoLAN计划的多媒体播放器。 VLC Media Player 2.0.2在处理OGG容器文件时,"OggDecodePacket"函数modules/demux/ogg.c存在边界错误,通过特制的OGG文件可造成堆缓冲区溢出,执行任意代码。 0 VideoLAN VLC Media Player 2.x 厂商补丁: VideoLAN -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

6.8CVSS6.4AI score0.03803EPSS
Exploits1
Rows per page
Query Builder