6758 matches found
CVE-2016-7554
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2016-08178)
Mozilla Firefox is an open source web browser. A vulnerability in Mozilla Firefox's handling of segment identifiers in the SRC attribute of the IFRAME element allows remote attackers to build malicious web pages that can be exploited to trick users into parsing them, which can be used to bypass t...
SUSE-SU-2016:2212-1 Security update for wireshark
This update to wireshark 1.12.13 fixes the following issues: - CVE-2016-6504: wireshark: NDS dissector crash bsc991012 - CVE-2016-6505: wireshark: PacketBB dissector could divide by zero bsc991013 - CVE-2016-6506: wireshark: WSP infinite loop bsc991015 - CVE-2016-6507: wireshark: MMSE infinite lo...
GLSA-201608-01 : OptiPNG: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201608-01 OptiPNG: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OptiPNG. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a special...
Code injection
The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721...
UBUNTU-CVE-2014-9872
The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721...
CVE-2014-9872
The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721...
CVE-2016-0339
IBM Security Identity Manager ISIM Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."...
Design/Logic Flaw
IBM Security Identity Manager ISIM Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."...
IBM Jazz Reporting Service (JRS) Session Hijacking Vulnerability
IBM Jazz Reporting Service is an optional component of IBM Rational Reporting for Development Intelligence. IBM Jazz Reporting Service JRS has a security vulnerability in the Report Builder and Data Collection Component DCC implementations due to the program retaining session ID validity after...
The vulnerability in Microsoft.NET Framework software allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.
A vulnerability that allows for remote execution of code exists in the Microsoft .NET Framework. This vulnerability is related to incorrect handling of localized resource identifiers. Exploiting this vulnerability enables a malicious individual to gain full control over the system. They can then...
The vulnerability of Google Chromeās browser allows a malicious actor to replace URLs.
Google Chrome browser contains a vulnerability related to the incorrect processing of bidirectional IRI identifiers in the UnescapeURLWithOffsetsImpl function in net/base/escape.cc. Exploiting this vulnerability allows malicious actors to replace URLs with specially crafted Unicode text that is...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact An attacker can...
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
DEBIAN-CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
ALPINE-CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
Code injection
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
CVE-2016-5300
Expat CVE-2016-5300 is a denial-of-service vulnerability in the Expat XML parser caused by insufficient entropy used for hash initialization. The issue allows context-dependent attackers to cause CPU exhaustion via crafted identifiers in XML documents. Connected material confirms this as an Expat...
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...