1406 matches found
The vulnerability of the network service component of the ArchestrA system’s messaging component between components allows a perpetrator to cause a service failure.
The vulnerability of the network service component of the ArchestrA system for message exchange between components is related to an error in pointer arithmetic. Exploiting this vulnerability could allow a malicious actor to cause a service failure by sending a specially crafted request...
Debian: Security Advisory (DLA-1518-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2016-7069
An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to th...
CVE-2016-7069
An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to th...
Mozilla Firefox ESR < 52.7 Multiple Vulnerabilities
Binary data 700335.prm...
Drawing Outside the Box: Precision Issues in Graphic Libraries
By Mark Brand and Ivan Fratric, Google Project Zero In this blog post, we are going to write about a seldom seen vulnerability class that typically affects graphic libraries though it can also occur in other types of software. The root cause of such issues is using limited precision arithmetic in...
Microsoft Research JavaScript Cryptography Library Security Bypass Vulnerability
Microsoft Research JavaScript Cryptography Library is a JavaScript cryptography library for cloud services from Microsoft USA that supports RSA encryption/decryption, AES-CBC encryption/decryption and GCM encryption/decryption. A security bypass vulnerability exists in the Microsoft Research...
CVE-2018-8319
A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library...
CVE-2018-8319
CVE-2018-8319 concerns MSR JavaScript Cryptography Library (msrcrypto). Affects the library’s Elliptic Curve Cryptography (ECC) implementation, where multiple bugs in ECC could allow an attacker to glean information about a server’s private ECC key (key leakage) or craft invalid ECDSA signatures ...
CVE-2018-8319
A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library...
PYSEC-2018-89
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002...
UBUNTU-CVE-2018-13347
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002...
CVE-2018-13231
The sell function of a smart contract implementation for ENTER ENTR Contract Name: EnterToken, an Ethereum token, has an integer overflow in which "amount sellPrice" can be zero, consequently reducing a seller's assets...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Systems Director Platform Agent
Summary There are multiple vulnerabilities in OpenSSL that is used by IBM Systems DirectorISD Platform Agent. These OpenSSL vulnerabilities were disclosed in September 2016 and October 2016 by the OpenSSL Project. Vulnerability Details CVEID: CVE-2016-2182 DESCRIPTION: OpenSSL is vulnerable to a...
Security Bulletin: Open Source zlib Vulnerabilities in IBM eDiscovery Manager
Summary zlib is vulnerable to a denial of service, caused by an out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID: CVE-2016-9840...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience. IBM Tealeaf Customer Experience has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6304 DESCRIPTION: OpenSSL is vulnerable ...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool.
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Image Construction and Composition Tool. IBM Image Construction and Composition Tool has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION...
Out-of-bounds
An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file wi...
CVE-2016-8390
CVE-2016-8390 concerns Hopper Disassembler 3.11.20, where the ELF Section Headers parsing has an out-of-bounds write due to attacker-controlled data in the section header table. Multiple connected sources describe a vulnerability in ELF parsing that can cause memory corruption via a crafted ELF f...
The vulnerability of the Qualcomm GNSS API component in the Android operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Qualcomm GNSS API in the Android operating system is related to errors in pointer arithmetic. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...