4773 matches found
Debian DLA-677-1 : nss security update
The Network Security Service NSS libraries uses environment variables to configure lots of things, some of which refer to file system locations. Others can be degrade the operation of NSS in various ways, forcing compatibility modes and so on. Previously, these environment variables were not...
Debian DLA-676-1 : nspr security update
The Network Security Service NSS libraries uses environment variables to configure lots of things, some of which refer to file system locations. Others can be degrade the operation of NSS in various ways, forcing compatibility modes and so on. Previously, these environment variables were not...
[SECURITY] [DLA 677-1] nss security update
Package : nss Version : 3.26-1+debu7u1 The Network Security Service NSS libraries uses environment variables to configure lots of things, some of which refer to file system locations. Others can be degrade the operation of NSS in various ways, forcing compatibility modes and so on. Previously,...
DLA-677-1 nss - security update
Bulletin has no description...
DLA-676-1 nspr - security update
Bulletin has no description...
Debian DSA-3687-1 : nspr - security update
Two vulnerabilities were reported in NSPR, a library to abstract over operating system interfaces developed by the Mozilla project. - CVE-2016-1951 q1 reported that the NSPR implementation of sprintf-style string formatting function miscomputed memory allocation sizes, potentially leading to...
DSA-3687-1 nspr - security update
Bulletin has no description...
Debian Security Advisory DSA 3688-1 (nss - security update)
Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of da...
Cybozu Office vulnerable to information disclosure
Overview Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in...
JVN#09736331: Cybozu Office vulnerable to information disclosure
Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the page...
Apple OS X Perl Security Bypass Vulnerability
Apple OS X is a special operating system developed by Apple for Mac computers. Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. A security bypass vulnerability exists in Perl in Apple OS X versions prior to 10.12, which can be exploited ...
CVE-2016-7543
An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances...
CVE-2016-4749
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file...
CVE-2016-4749
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file...
Design/Logic Flaw
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file...
CVE-2016-4749
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file...
CVE-2016-6639: PHP Buildpack exposes .profile file | Cloud Foundry
CVE-2016-6639: PHP Buildpack exposes .profile file Medium Vendor Cloud Foundry Foundation Versions Affected PHP Buildpack versions prior to v4.3.18 Cf-release versions prior to v242 Description The .profile file, which can potentially include environment variables and credentials, is exposed by...
Boozt Fashion AB: PHP info page disclosure on http://www.day.dk/
Hi, Boozt team. Description: phpinfo is a debug functionality that prints out detailed information on both the system and the PHP configuration. Step to reproduce: 1. Go to http://www.day.dk/check.php An attacker can obtain information such as: •Exact PHP version. •Exact OS and its version...
Windows FLR fails with "Failed to create or open file [C:\Windows\system32\config\systemprofile\"
Challenge When attempting to perform a Guest OS File Level Restore from a Windows Filesystem the mount Backup Browser displays the error: The system cannot find the path specified. Failed to create or open file C:\Windows\system32\config\systemprofile...\veeamflr-.flat. Agent failed to process...
jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...