Lucene search
K

379 matches found

RedHat Linux
RedHat Linux
added 2013/06/20 2:42 p.m.7 views

OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...

7.5CVSS6.8AI score0.06746EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/06/20 12:0 a.m.4 views

OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...

7.5CVSS6.8AI score0.06746EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/06/19 11:56 p.m.5 views

OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...

7.5CVSS6.8AI score0.06746EPSS
Exploits0References5
Prion
Prion
added 2013/06/18 10:55 p.m.22 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...

7.5CVSS6.1AI score0.06746EPSS
Exploits0References22Affected Software4
Debian
Debian
added 2013/06/18 3:44 p.m.30 views

[SECURITY] [DSA 2710-1] xml-security-c security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2710-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso June 18, 2013 http://www.debian.org/security/faq -...

7.5CVSS6.9AI score0.08402EPSS
Exploits2
OpenVAS
OpenVAS
added 2013/06/18 12:0 a.m.31 views

Debian Security Advisory DSA 2710-1 (xml-security-c - several vulnerabilities)

James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2153 The implementation of XML digital...

7.5CVSS0.1AI score0.08402EPSS
Exploits2References1
FreeBSD
FreeBSD
added 2013/06/18 12:0 a.m.28 views

apache-xml-security-c -- heap overflow

The Apache Software Foundation reports: A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitary code execution. If verification of the signature occurs prior to actual evaluation of a signin...

7.5CVSS6.9AI score0.08402EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/03/16 12:0 a.m.38 views

Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)

Binary data 801018.prm...

9.3CVSS7.1AI score0.99449EPSS
Exploits36References15
NVD
NVD
added 2012/07/25 7:55 p.m.20 views

CVE-2012-3695

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property...

4.3CVSS5.2AI score0.01102EPSS
Exploits0References5
Cvelist
Cvelist
added 2012/07/25 7:0 p.m.21 views

CVE-2012-3695

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property...

5.1AI score0.01102EPSS
Exploits0References5
CVE
CVE
added 2012/07/25 7:0 p.m.55 views

CVE-2012-3695

CVE-2012-3695 corresponds to a Cross-site scripting (XSS) vulnerability in WebKit used by Apple Safari before version 6.0. The issue arises from improper URL canonicalization during handling of the location.href property, enabling remote attackers to inject arbitrary web script or HTML. The provi...

4.3CVSS5.2AI score0.01102EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2012/06/21 3:55 p.m.16 views

CVE-2011-4599

Stack-based buffer overflow in the canonicalize function in common/uloc.c in International Components for Unicode ICU before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization...

7.5CVSS7AI score0.08003EPSS
Exploits0References21
OSV
OSV
added 2012/06/21 3:55 p.m.2 views

DEBIAN-CVE-2011-4599

Stack-based buffer overflow in the canonicalize function in common/uloc.c in International Components for Unicode ICU before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization...

7.5CVSS8.3AI score0.08003EPSS
Exploits0References1
Cvelist
Cvelist
added 2012/06/21 3:0 p.m.23 views

CVE-2011-4599

Stack-based buffer overflow in the canonicalize function in common/uloc.c in International Components for Unicode ICU before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization...

7AI score0.08003EPSS
Exploits0References21
Debian CVE
Debian CVE
added 2012/06/21 3:0 p.m.38 views

CVE-2011-4599

Stack-based buffer overflow in the canonicalize function in common/uloc.c in International Components for Unicode ICU before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization...

7.5CVSS9.6AI score0.08003EPSS
Exploits0
Amazon
Amazon
added 2012/01/09 12:0 a.m.38 views

Medium: icu

Issue Overview: A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute...

7.5CVSS10AI score0.08003EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2011/12/30 12:0 a.m.23 views

Mandriva Update for icu MDVSA-2011:194 (icu)

Check for the Version of icu OpenVAS Vulnerability Test Mandriva Update for icu MDVSA-2011:194 icu Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

7.5CVSS0.08003EPSS
Exploits0References2
NVD
NVD
added 2011/12/05 11:55 a.m.19 views

CVE-2011-4675

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading tilde characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolu...

6.4CVSS6.6AI score0.03367EPSS
Exploits0References3
Cvelist
Cvelist
added 2011/12/05 11:0 a.m.23 views

CVE-2011-4675

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading tilde characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolu...

6.5AI score0.03367EPSS
Exploits0References3
CVE
CVE
added 2011/12/05 11:0 a.m.44 views

CVE-2011-4675

CVE-2011-4675 affects Widelands prior to 15.1. The pathname canonicalization in io/filesystem/filesystem.cc expands leading ~ (tilde) characters to home-directory paths and does not restrict their use in network-provided strings, potentially allowing remote attackers to perform absolute path trav...

6.4CVSS6.8AI score0.03367EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder