4967 matches found
CVE-2017-6379
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID...
USN-3234-2 linux-lts-xenial vulnerabilities
USN-3234-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not...
WordPress Global Content Blocks 2.1.5 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------ Cross-Site Request Forgery in Global Content Blocks WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016...
WordPress Global Content Blocks 2.1.5 Cross Site Request Forgery
------------------------------------------------------------------------ Cross-Site Request Forgery in Global Content Blocks WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016...
Global Content Blocks - Cross-Site Request Forgery (CSRF)
The global-content-blocks WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery !-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinglobalcontentblockswordpressplugin.html Abstract It was discovered that the Global Content Blocks WordPress Plugin is vulnerable to Cross-Site Request...
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
!-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinglobalcontentblockswordpressplugin.html Abstract It was discovered that the Global Content Blocks WordPress Plugin is vulnerable to Cross-Site Request Forgery. Amongst others, this issue can be used to update a content block t...
WordPress Global Content Blocks 2.1.5 Plugin - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications !-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinglobalcontentblockswordpressplugin.html Abstract It was discovered that the Global Content Blocks WordPress Plugin is vulnerable to Cross-Site Request Forgery. Amongst...
CVE-2017-5682
Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives,...
Code injection
Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives,...
Intel PSET Application Install wrapper contains an escalation of privilege vulnerability.
Summary: Intel PSET Application Install wrapper contains an escalation of privilege vulnerability. Description: Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer a...
DEBIAN-CVE-2016-6329
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...
kernel security and bug fix update
2.6.32-642.11.1 - mm close FOLL MAPPRIVATE race Larry Woodman 1385116 1385117 CVE-2016-5195 2.6.32-642.10.1 - scsi fnic: Fix to cleanup aborted IO to avoid device being offlined by mid-layer Maurizio Lombardi 1382620 1341298 2.6.32-642.9.1 - net vlan: Fix FCOEMTU support Maurizio Lombardi 1381592...
Cross site request forgery (csrf)
The xhciringfetch function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging failure to limit the number of link Transfer Request Blocks TRB to process...
ALPINE-CVE-2016-8576
The xhciringfetch function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging failure to limit the number of link Transfer Request Blocks TRB to process...
DEBIAN-CVE-2016-8576
The xhciringfetch function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging failure to limit the number of link Transfer Request Blocks TRB to process...
CVE-2016-8576
The xhciringfetch function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging failure to limit the number of link Transfer Request Blocks TRB to process...
UBUNTU-CVE-2016-8576
The xhciringfetch function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging failure to limit the number of link Transfer Request Blocks TRB to process...
openjpeg: heap overflow in parsing of JPEG2000 code blocks
An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution...
Android System UI Denial of Service Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. system UI is the system interface that comes with Android. A denial of service vulnerability exists in System UI in Android. An attacker can exploit this vulnerability by using a...