1616 matches found
The vulnerability of the Firefox ESR browser allows a malicious attacker to execute arbitrary code or trigger a service denial.
Mozilla Firefox ESR’s software contains a vulnerability in the nsHostResolver::ConditionalRefreshRecord function. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure by manipulating server permissions...
openSUSE Security Update : clamav-database (openSUSE-2016-726)
This update for clamav-database refreshes the database. This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2016-726...
openSUSE Security Update : clamav-database (openSUSE-2016-451)
This update provides a database refresh for the clamav-database. This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Scientific Linux Security Update : sssd on SL7.x x86_64 (20151119)
It was found that SSSD's Privilege Attribute Certificate PAC responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon...
RedHat Update for sssd RHSA-2015:2355-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2015-5225
Buffer overflow in the vncrefreshserversurface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service heap memory corruption and process crash or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the serve...
Qemu: ui: vnc: heap memory corruption in vnc_refresh_server_surface
A heap-based buffer overflow issue was found in the QEMU emulator's VNC display driver. It could occur while refreshing the VNC server's display surface using the vncrefreshserversurface routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process...
CVE-2015-5225
Buffer overflow in the vncrefreshserversurface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service heap memory corruption and process crash or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the serve...
Mac OS X Multiple EFI Vulnerabilities (EFI Security Update 2015-001)
The remote Mac OS X host is running EFI firmware that is affected by multiple vulnerabilities : - An insufficient locking issue exists, when resuming from sleep states, which allows a local attacker to write to the EFI flash memory by using an crafted application with root privileges. CVE-2015-36...
Design/Logic Flaw
Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message...
Memory corruption
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service memory corruption, by...
CVE-2015-3710
CVE-2015-3710 affects Apple Mail on iOS <= 8.3/8.4? and OS X
Internet Bug Bounty: Race Conditions in OAuth 2 API implementations
Most of OAuth 2 API implementations seem to have multiple Race Condition vulnerabilities for processing requests for Access Token or Refresh Token. Race Condition allows a malicious application to obtain several accesstoken and refreshtoken pairs while only one pair should be generated. Further, ...
JDK: Privilege escalation issue
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to guess valid user accounts on the targeted system. The vulnerability exists because the affected software fails to refresh the CAPTCHA on the login page. An attacker could exploit this vulnerability b...
JDK: Privilege escalation issue
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
JDK: Privilege escalation issue
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
JDK: Privilege escalation issue
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
JDK: Privilege escalation issue
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
JDK: Vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers
The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier f...