4355 matches found
UBUNTU-CVE-2016-5728
Race condition in the vopioctl function in drivers/misc/mic/vop/vopvringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service memory corruption and system crash by changing a certain header, ak...
PT-2016-2119 · Php +2 · Php +2
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.6.12 Description: The issue is related to the odbc bindcols function in PHP, which mishandles driver behavior for SQL WVARCHAR columns. This can be exploited by remote attackers to cause a denial of service application...
Git: Multiple vulnerabilities
Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description Git is vulnerable to the remote execution of arbitrary code by cloning repositories with large filenames or a large...
CVE-2015-8550
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service host OS crash or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability...
DEBIAN-CVE-2015-8550
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service host OS crash or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability...
Double free
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service host OS crash or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability...
CVE-2015-8550
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service host OS crash or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability...
CVE-2015-8550
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service host OS crash or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability...
CVE-2015-8550
CVE-2015-8550 is reported in Xen as a double-fetch vulnerability affecting systems using PV backends. The issue arises when memory is shared between the Xen frontend and backend, enabling local guest OS administrators to either crash the host OS (DoS) or gain privileges. The description consisten...
The vulnerability of Google Chrome browser allows a perpetrator to obtain confidential information.
The vulnerability of the Content Security Policy CSP implementation in Google Chrome’s Blink engine is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential information about visited web pages by...
DEBIAN-CVE-2016-1285
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed packet to the rndc aka control channel interface...
Design/Logic Flaw
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed packet to the rndc aka control channel interface...
CVE-2016-1285
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed packet to the rndc aka control channel interface...
UBUNTU-CVE-2016-1285
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed packet to the rndc aka control channel interface...
chromium-browser: CSP implementation in Blink does not ignore a URL's path component in the case of a ServiceWorker fetch
The Content Security Policy CSP implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...
CVE-2016-2845
The Content Security Policy CSP implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...
Path traversal
The Content Security Policy CSP implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...
Debian Security Advisory DSA 3471-1 (qemu - security update)
Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets. CVE-2015-7504 Qinghao Tan...
Ubuntu: Security Advisory (USN-2886-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Service workers and base URIs
Previously when we've run into a contentious service worker design issue, we've asked web developers what they think. This has worked out pretty well in the past, with developer feedback directly informing spec changes. It's also great because we can blame y'all if you pick the wrong thing. Well,...