82 matches found
Libarchive mtree parse_device Code Execution Vulnerability(CVE-2016-4301)
SUMMARY An exploitable stack based buffer overflow vulnerability exists in the mtree parsedevice functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this...
CVE-2016-4301
Stack-based buffer overflow in the parsedevice function in archivereadsupportformatmtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file...
CVE-2016-4301
CVE-2016-4301 : A stack-based buffer overflow in the libarchive library’s mtree parser (archive_read_support_format_mtree.c, parse_device) allows remote attackers to execute arbitrary code when processing crafted mtree files. Affected: libarchive prior to 3.2.1. Mitigation: upgrade to 3.2.1 or ne...
CVE-2016-4301
Stack-based buffer overflow in the parsedevice function in archivereadsupportformatmtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file...
openSUSE Security Update : libarchive (openSUSE-2016-969)
libarchive was updated to fix 20 security issues. These security issues were fixed : - CVE-2015-8918: Overlapping memcpy in CAB parser bsc985698. - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser bsc985697. - CVE-2015-8920: Stack out of bounds read in ar parser bsc985675. - CVE-2015-8921...
Security update for libarchive (important)
libarchive was updated to fix 20 security issues. These security issues were fixed: - CVE-2015-8918: Overlapping memcpy in CAB parser bsc985698. - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser bsc985697. - CVE-2015-8920: Stack out of bounds read in ar parser bsc985675. - CVE-2015-8921:...
Gentoo Security Advisory GLSA 201310-21
Gentoo Linux Local Security Checks GLSA 201310-21 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
CVE-2015-4301
Cisco NX-OS on Nexus 9000 devices 11.11c allows remote authenticated users to cause a denial of service device hang via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225...
CVE-2015-4301
Cisco Nexus 9000 Series NX-OS (Nexus 9000 devices, 11.1(1c)) is affected by CVE-2015-4301. The issue allows a remote authenticated attacker to cause a denial of service (device hang) by copying large files to the device filesystem, via Bug CSCuu77225. Exploitation requires valid credentials and t...
Design/Logic Flaw
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292,...
CVE-2013-4301
includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "" open angle bracket character in the lang parameter to w/load.php, which reveals the installation pat...
CVE-2013-4301
includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "" open angle bracket character in the lang parameter to w/load.php, which reveals the installation pat...
CVE-2013-4301
MediaWiki information disclosure CVE-2013-4301 affects ResourceLoaderContext.php in MediaWiki 1.19.x (before 1.19.8), 1.20.x (before 1.20.7), and 1.21.x (before 1.21.2). A remote attacker can cause the installation path to be revealed in an error message by supplying a “
Fedora Update for mediawiki FEDORA-2013-15994
Check for the Version of mediawiki OpenVAS Vulnerability Test Fedora Update for mediawiki FEDORA-2013-15994 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
Fedora Update for mediawiki FEDORA-2013-15984
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated mediawiki package fixes security vulnerabilities
Full path disclosure in MediaWiki before 1.20.7, when an invalid language is specified in ResourceLoader CVE-2013-4301. Several API modules in MediaWiki before 1.20.7 allowed anti-CSRF tokens to be accessed via JSONP CVE-2013-4302. An issue with the MediaWiki API in MediaWiki before 1.20.7 where ...
Oracle Java SE Multiple Vulnerabilities (February 2013 CPU) (Unix)
The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is earlier than 7 Update 13 or 6 Update 39, or is earlier than or equal to 5 Update 38 or 1.4.2 Update 40. It is, therefore, potentially affected by security issues in the following components : - 2D - AW...
CVE-2012-4301
CVE-2012-4301 involves the Oracle JavaFX component in Java SE/JavaFX up to version 2.2.4 and earlier. The entry describes an unspecified vulnerability that could affect confidentiality, integrity, and availability via unknown vectors, with a note from third‑party claims that it may permit remote ...
CVE-2011-4301
The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant...
CVE-2011-4301
The CVE-2011-4301 issue affects Moodle’s Forms Library (MoodleQuickForm in lib/formslib.php) where the Forms API setConstant operation is not recognized. This allows remote attackers to submit unexpected form content by modifying constant field values. Affected versions are Moodle 1.9.x prior to ...