Lucene search
K

208 matches found

Prion
Prion
added 2017/01/06 9:59 p.m.16 views

Integer overflow

When opening a Hangul HShow Document .hpt and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will cause the buffer to be...

6.8CVSS7.4AI score0.02342EPSS
Exploits2References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.5 views

The vulnerability of the Wireshark Network Protocol Analyzer software allows a remote attacker to compromise the accessibility of protected information.

A vulnerability exists in the SnifferDecompress function in the wireshark/Wireshark DOS Sniffer processing tool, due to the possibility of data overwriting during copying. Exploiting this vulnerability allows malicious actors operating remotely to cause a service failure abrupt termination of the...

5CVSS5.5AI score0.03058EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2016/03/13 6:59 p.m.20 views

CVE-2016-1954

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy CSP violation report, which allows remote attackers to cause a denial of service data...

8.8CVSS9.2AI score0.02339EPSS
Exploits0References23
Prion
Prion
added 2016/03/13 6:59 p.m.36 views

Code injection

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy CSP violation report, which allows remote attackers to cause a denial of service data...

6.8CVSS7.5AI score0.02339EPSS
Exploits0References23Affected Software7
Debian CVE
Debian CVE
added 2016/03/13 6:0 p.m.28 views

CVE-2016-1954

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy CSP violation report, which allows remote attackers to cause a denial of service data...

8.8CVSS10AI score0.02339EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2016/03/08 12:0 a.m.25 views

CVE-2016-1954

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy CSP violation report, which allows remote attackers to cause a denial of service data...

8.8CVSS7.2AI score0.02339EPSS
Exploits0References4
Kitploit
Kitploit
added 2014/09/30 12:22 a.m.15 views

srm - command-line program to delete files securely

srm is a secure replacement for rm1. Unlike the standard rm, it overwrites the data in the target files before unlinking them. This prevents command-line recovery of the data by examining the raw block device. It may also help frustrate physical examination of the disk, although it's unlikely tha...

6.7AI score
Exploits0
CVE
CVE
added 2014/09/20 10:0 a.m.74 views

CVE-2014-6432

Wireshark vulnerable component: Sniffer file parser (wiretap/ngsniffer.c). CVE-2014-6432 is caused by the SnifferDecompress function not preventing data overwrites during copy operations, enabling DoS (application crash) via a crafted file. Affected versions: Wireshark 1.10.x before 1.10.10 and 1...

5CVSS6.1AI score0.03058EPSS
Exploits0References14Affected Software1
Cvelist
Cvelist
added 2014/09/20 10:0 a.m.20 views

CVE-2014-6432

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service application crash via a crafted file...

6AI score0.03058EPSS
Exploits0References14
Prion
Prion
added 2014/05/26 7:55 p.m.17 views

Authorization

The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service data overwrite or disk consumption via...

4.1CVSS6.7AI score0.00262EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/05/26 7:0 p.m.23 views

CVE-2013-6714

The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service data overwrite or disk consumption via...

6.3AI score0.00262EPSS
Exploits0References2
CVE
CVE
added 2014/05/26 7:0 p.m.48 views

CVE-2013-6714

The CVE-2013-6714 issue affects IBM Tivoli Storage FlashCopy Manager for VMware (FlashCopy Manager for VMware) 3.1, 3.2 and 4.1, where the GUI does not properly enforce authorization for backup/restore operations. This can allow local users to access VM data or perform restores that overwrite pro...

4.1CVSS6.4AI score0.00262EPSS
Exploits0References2Affected Software1
Fedora
Fedora
added 2014/05/15 12:0 a.m.12 views

[SECURITY] Fedora 19 Update: srm-1.2.13-1.fc19

srm is a secure replacement for rm1. Unlike the standard rm, it overwrites the data in the target files before unlinkg them. This prevents command-line recovery of the data by examining the raw block device. It may also help frustrate physical examination of the disk, although it's unlikely that...

1.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/04/20 12:0 a.m.24 views

Mandriva Linux Security Advisory : cups-pk-helper (MDVSA-2013:069)

Updated cups-pk-helper package fixes security vulnerability : cups-pk-helper, a PolicyKit helper to configure CUPS with fine-grained privileges, wraps CUPS function calls in an insecure way. This could lead to uploading sensitive data to a CUPS resource, or overwriting specific files with the...

5.8CVSS5.4AI score0.01221EPSS
Exploits0References1
Opera Security Advisories
Opera Security Advisories
added 2012/12/17 12:0 a.m.483 views

Malformed GIF images could allow execution of arbitrary code

When loading GIF images into memory, Opera should allocate the correct amount of memory to store that image. Specially crafted image files can cause Opera to allocate the wrong amount of memory. Subsequent data may then overwrite unrelated memory with attacker-controlled data. This can lead to a...

3.8AI score
Exploits0Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2011/11/28 12:0 a.m.31 views

RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the...

7.5CVSS3.6AI score0.037EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2008/11/09 12:0 a.m.88 views

MySQL Enterprise Server 5.0 < 5.0.70 Privilege Bypass

The version of MySQL Enterprise Server 5.0 installed on the remote host is earlier than 5.0.70. In such versions, it is possible for a local user to circumvent privileges through the creation of MyISAM tables employing the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite existing table...

4.6CVSS6.9AI score0.02588EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2008/02/22 12:0 a.m.22 views

ListManager < 9.3b / 9.2c / 8.95d Multiple Vulnerabilities

Binary data 4399.prm...

10CVSS7.3AI score0.02566EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2007/04/16 3:27 p.m.4 views

security flaw

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to 1 the GLOBALS array or 2 the session data in SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...

6.8CVSS6.2AI score0.07625EPSS
Exploits1References4
exploitpack
exploitpack
added 2007/01/25 12:0 a.m.16 views

Microsoft Excel - Malformed Palette Record Denial of Service (PoC) (MS07-002)

Microsoft Excel - Malformed Palette Record Denial of Service PoC MS07-002 """ MS07-002 EXCEL Malformed Palette Record Vulnerability DOS POC Author LifeAsaGeek at gmail.com ... and Microsoft said that vuln credit is for Greg MacManus of iDefense Labs Vulnerablity Description Bound error occurs whe...

7.3AI score
Exploits0
Rows per page
Query Builder