9454 matches found

Hacker One
added 2016/12/31 2:16 a.m., 13 views

shopify-scripts: Heap overflow due to off-by-one when expanding stack

This program triggers a heap buffer overflow while zeroing a new stack allocation due to an off-by-one while expanding the stack. It doesn't appear to be exploitable and the fix is extremely simple so I didn't try to simplify the failing test case too much: ruby class A yield ensure...

AI score: 7.4
Exploits: 0
UbuntuCve
added 2016/12/31 12:00 a.m., 46 views

CVE-2016-5549

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00527
Exploits: 0, References: 5
UbuntuCve
added 2016/12/31 12:00 a.m., 44 views

CVE-2016-5552

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00702
Exploits: 0, References: 6
UbuntuCve
added 2016/12/31 12:00 a.m., 56 views

CVE-2016-5547

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS: 5.3, AI score: 6.8, EPSS: 0.01256
Exploits: 0, References: 6
Veracode
added 2016/12/30 8:37 a.m., 7 views

Denial Of Service (DoS)

wger is vulnerable to denial-of-service (DoS) attacks. The vulnerability exists because there are no limit checks in the CSV upload functionality, and it is exploitable by importing large size csv...

AI score: 6.7
Exploits: 0
Mozilla
added 2016/12/28 12:00 a.m., 57 views

Security vulnerabilities fixed in Thunderbird 45.6 — Mozilla

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. Memory corruption resulting in a potentially...

CVSS: 9.8, AI score: 0.2, EPSS: 0.36421
Exploits: 11, References: 8, Affected Software: 1
NVD
added 2016/12/23 10:59 p.m., 16 views

CVE-2016-8707

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered...

CVSS: 7.8, AI score: 8.9, EPSS: 0.02137
Exploits: 2, References: 3
UbuntuCve
added 2016/12/23 10:59 p.m., 16 views

CVE-2016-9036

An exploitable incorrect return value vulnerability exists in the mpcheck function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mpcheck function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01328
Exploits: 2, References: 3
UbuntuCve
added 2016/12/23 10:59 p.m., 19 views

CVE-2016-9037

An exploitable out-of-bounds array access vulnerability exists in the xrowheaderdecode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's valu...

CVSS: 7.8, AI score: 7.1, EPSS: 0.02753
Exploits: 2, References: 3
Prion
added 2016/12/23 10:59 p.m., 10 views

Out-of-bounds

An exploitable incorrect return value vulnerability exists in the mpcheck function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mpcheck function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer...

CVSS: 5, AI score: 6.7, EPSS: 0.01328
Exploits: 2, References: 2, Affected Software: 1
Prion
added 2016/12/23 10:59 p.m., 6 views

Out-of-bounds

An exploitable out-of-bounds array access vulnerability exists in the xrowheaderdecode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's valu...

CVSS: 7.8, AI score: 6.7, EPSS: 0.02753
Exploits: 2, References: 2, Affected Software: 1
NVD
added 2016/12/23 10:59 p.m., 13 views

CVE-2016-9036

An exploitable incorrect return value vulnerability exists in the mpcheck function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mpcheck function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer...

CVSS: 7.5, AI score: 7.3, EPSS: 0.01328
Exploits: 2, References: 2
Debian CVE
added 2016/12/23 10:00 p.m., 24 views

CVE-2016-9036

An exploitable incorrect return value vulnerability exists in the mpcheck function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mpcheck function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer...

CVSS: 7.5, AI score: 7.3, EPSS: 0.01328
Exploits: 2
erpscan
added 2016/12/23 12:00 a.m., 518 views

CRLF Injection - PeopleSoft IMServlet

Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor: Oracle Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Authors: Dmitry Yudin ERPScan aka...

CVSS: 7.1, AI score: 0.3, EPSS: 0.03139
Exploits: 0
CVE
added 2016/12/14 5:00 p.m., 61 views

CVE-2016-8733

CVE-2016-8733 concerns Joyent SmartOS, specifically the Hyprlofs file system. The vulnerability resides in the Ioctl handling path for HYPRLOFS_ADD_ENTRIES when dealing with native/file-system data models. A user-supplied length (an unsigned integer) is cast to a signed int, bypassing an upper bo...

CVSS: 8.8, AI score: 8.3, EPSS: 0.00136
Exploits: 3, References: 2, Affected Software: 1
RedhatCVE
added 2016/12/14 4:47 a.m., 28 views

CVE-2016-9905

A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR 45.6 and Thunderbird 45.6...

CVSS: 8.8, AI score: 3.4, EPSS: 0.01174
Exploits: 1, References: 2
UbuntuCve
added 2016/12/14 12:00 a.m., 24 views

CVE-2016-9905

A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR 45.6 and Thunderbird 45.6...

CVSS: 8.8, AI score: 7.2, EPSS: 0.01174
Exploits: 1, References: 3
RedhatCVE
added 2016/12/13 3:29 p.m., 20 views

CVE-2016-7879

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution...

CVSS: 8.8, AI score: 3.6, EPSS: 0.03792
Exploits: 0, References: 2
erpscan
added 2016/12/13 12:00 a.m., 490 views

SAP NetWeaver disp+work anonymous denial of service with crafted DIAG request

Application: SAP NetWeaver Versions Affected: SAP NetWeaver disp+work 7.4 Vendor URL: SAP Bugs: DoS Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 14.03.2017 Reference: SAP Security Note 2405918 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: DoS Impac...

AI score: 0.5
Exploits: 0
UbuntuCve
added 2016/12/13 12:00 a.m., 17 views

CVE-2016-9894

A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox 50.1...

CVSS: 7.5, AI score: 7.3, EPSS: 0.01889
Exploits: 0, References: 3