1406 matches found

BDU FSTEC
added 2018/09/25 12:0 a.m., 5 views

A vulnerability in the network service component of the ArchestrA system for message exchange between components allows an attacker to cause a service failure.

The vulnerability of the network service component of the ArchestrA system for message exchange between components is related to an error in pointer arithmetic. Exploiting this vulnerability could allow a malicious actor to cause a service failure by sending a specially crafted request...

CVSS 5, AI score 5.5, EPSS 0.03201
Exploits 0, References 5, Affected Software 1
OpenVAS
added 2018/09/25 12:0 a.m., 41 views

Debian: Security Advisory (DLA-1518-1)

The remote host is missing an update for the Debian...

CVSS 7.5, AI score 6.5, EPSS 0.02674
Exploits 0, References 3
UbuntuCve
added 2018/09/11 1:29 p.m., 19 views

CVE-2016-7069

An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to th...

CVSS 7.5, AI score 6.6, EPSS 0.04541
Exploits 0, References 3
Cvelist
added 2018/09/11 1:0 p.m., 20 views

CVE-2016-7069

An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to th...

CVSS 5.9, AI score 7.9, EPSS 0.04541
Exploits 0, References 3
Tenable Nessus
added 2018/08/21 12:0 a.m., 29 views

Mozilla Firefox ESR < 52.7 Multiple Vulnerabilities

Binary data 700335.prm...

CVSS 9.8, AI score 7.3, EPSS 0.12054
Exploits 3, References 10
GoogleProjectZero
added 2018/07/26 12:0 a.m., 12 views

Drawing Outside the Box: Precision Issues in Graphic Libraries

By Mark Brand and Ivan Fratric, Google Project Zero. In this blog post, we are going to write about a seldom seen vulnerability class that typically affects graphic libraries though it can also occur in other types of software. The root cause of such issues is using limited precision arithmetic in...

AI score 7.6
Exploits 0
CNVD
added 2018/07/12 12:0 a.m., 2 views

Microsoft Research JavaScript Cryptography Library Security Bypass Vulnerability

Microsoft Research JavaScript Cryptography Library is a JavaScript cryptography library for cloud services from Microsoft USA that supports RSA encryption/decryption, AES-CBC encryption/decryption and GCM encryption/decryption. A security bypass vulnerability exists in the Microsoft Research...

CVSS 9.8, AI score 9.1, EPSS 0.07035
Exploits 0, References 1
OSV
added 2018/07/11 12:29 a.m., 4 views

CVE-2018-8319

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library...

CVSS 9.8, AI score 5.8, EPSS 0.07035
Exploits 0, References 3
CVE
added 2018/07/11 12:0 a.m., 73 views

CVE-2018-8319

CVE-2018-8319 concerns MSR JavaScript Cryptography Library (msrcrypto). It affects the library’s Elliptic Curve Cryptography (ECC) implementation, where multiple bugs in ECC could allow an attacker to glean information about a server’s private ECC key (key leakage) or craft invalid ECDSA signatures ...

CVSS 9.8, AI score 9.2, EPSS 0.07035
Exploits 0, References 3, Affected Software 1
Cvelist
added 2018/07/11 12:0 a.m., 15 views

CVE-2018-8319

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library...

AI score 9.3, EPSS 0.07035
Exploits 0, References 3
PyPA
added 2018/07/06 12:29 a.m., 5 views

PYSEC-2018-89

mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002...

CVSS 9.8, AI score 7, EPSS 0.02643
Exploits 0, References 6, Affected Software 1
OSV
added 2018/07/06 12:29 a.m., 3 views

UBUNTU-CVE-2018-13347

mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002...

CVSS 9.8, AI score 6.8, EPSS 0.02643
Exploits 0, References 5
ATTACKERKB
added 2018/07/05 2:29 a.m., 1 views

CVE-2018-13231

The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets...

CVSS 7.5, AI score 5.5, EPSS 0.01033
Exploits 1, References 3
IBM Security Bulletins
added 2018/06/18 1:35 a.m., 39 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Systems Director Platform Agent

Summary: There are multiple vulnerabilities in OpenSSL, which is used by IBM Systems Director (ISD) Platform Agent. These OpenSSL vulnerabilities were disclosed in September 2016 and October 2016 by the OpenSSL Project. Vulnerability Details: CVEID: CVE-2016-2182 DESCRIPTION: OpenSSL is vulnerable to a...

CVSS 9.8, AI score 0.8, EPSS 0.95707
Exploits 9, Affected Software 1
IBM Security Bulletins
added 2018/06/17 12:17 p.m., 52 views

Security Bulletin: Open Source zlib Vulnerabilities in IBM eDiscovery Manager

Summary: zlib is vulnerable to a denial of service, caused by out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details: CVEID: CVE-2016-9840...

CVSS 9.8, AI score 2.2, EPSS 0.07489
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2018/06/16 8:6 p.m., 42 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience

Summary: OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience. IBM Tealeaf Customer Experience has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-6304 DESCRIPTION: OpenSSL is vulnerable ...

CVSS 9.8, AI score 0.7, EPSS 0.63029
Exploits 3, Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:6 a.m., 29 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool.

Summary: OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Image Construction and Composition Tool. IBM Image Construction and Composition Tool has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-6302 DESCRIPTION...

CVSS 10, AI score 1.3, EPSS 0.70223
Exploits 2, Affected Software 1
Prion
added 2018/06/04 7:29 p.m., 13 views

Out-of-bounds

An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file wi...

CVSS 6.8, AI score 7, EPSS 0.01251
Exploits 1, References 2, Affected Software 1
CVE
added 2018/06/04 7:0 p.m., 51 views

CVE-2016-8390

CVE-2016-8390 concerns Hopper Disassembler 3.11.20, where the ELF Section Headers parsing has an out-of-bounds write due to attacker-controlled data in the section header table. Multiple connected sources describe a vulnerability in ELF parsing that can cause memory corruption via a crafted ELF f...

CVSS 7.8, AI score 7.5, EPSS 0.01251
Exploits 1, References 2, Affected Software 1
BDU FSTEC
added 2018/05/25 12:0 a.m., 6 views

A vulnerability in the Qualcomm GNSS API component of the Android operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability in the Qualcomm GNSS API of the Android operating system is related to errors in pointer arithmetic. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and availability of the protected information...

CVSS 10, AI score 5.5, EPSS 0.01456
Exploits 0, References 5, Affected Software 1