483 matches found
CVE-2017-7455
Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control...
chromium-browser: heap buffer overflow in v8
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page...
chromium-browser: heap overflow in skia
Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...
OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
MGASA-2017-0045 Updated nagios packages fix security vulnerabilities
The nagios package has been patched to fix the following issues: Improper sanitization of RSS feed input enables unauthenticated remote read and write of arbitrary files CVE-2016-9565. Unsafe logfile handling allows unprivileged users to escalate their privileges to root CVE-2016-9566...
tika: XML External Entity vulnerability
It was found that the parsing of OOXML, XMP in PDF, and some other file formats by Apache Tika would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XX...
CVE-2016-8309
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via...
CVE-2016-5334
VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors...
CVE-2016-7560
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors...
CVE-2016-6644
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an robjectid value...
CVE-2016-1473
Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216...
Unspecified Vulnerability in Oracle Siebel CRM Oracle Knowledge Component (CNVD-2016-05272)
Oracle Siebel CRM is a set of customer relationship management solutions from the US company Oracle, which includes sales management, marketing management, customer service systems, call centers and other modules. Oracle Knowledge is one of the knowledge management components. A...
PT-2016-6141 · Pulse · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure PCS versions 7.4 through 7.4r13.3; Pulse Connect Secure PCS versions 8.0 through 8.0r9; Pulse Connect Secure PCS versions 8.1 through 8.1r1; Pulse Connect Secure PCS versions 8.2 through 8.2r0. Description: The issue allows...
JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue...
Unspecified Vulnerability in Adobe Creative Cloud Desktop JavaScript API for Creative Cloud Libraries
Adobe Creative Cloud Desktop is a suite of applications for managing applications and services in the Creative Cloud Member Management Center from Adobe USA. A security vulnerability exists in Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop 3.5.1.209...
UBUNTU-CVE-2016-2055
xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote attackers to read arbitrary files in the configuration directory via a "config" command...
DEBIAN-CVE-2016-2140
The libvirt driver in OpenStack Compute Nova before 2015.1.4 kilo and 12.0.x before 12.0.3 liberty, when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...
SUSE-SU-2016:0032-1 Security update for samba
This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB bnc958586. - CVE-2015-5252: Insufficient symlink verification file access outside the share bnc958582. - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the...
openSUSE Security Update : samba / ldb / talloc / etc (openSUSE-2015-945)
This update for ldb, samba, talloc, tdb, tevent fixes the following issues: ldb was updated to 1.1.24. + Fix ldap \00 search expression attack dos; cve-2015-3223; bso11325 + Fix remote read memory exploit in ldb; cve-2015-5330; bso11599 + Move ldbunpackdata into ldbmodule.h for testing + Fix...
openSUSE Security Update : ldb / samba / talloc / etc (openSUSE-2015-943)
This update for ldb, samba, talloc, tdb, tevent fixes the following security issues and bugs: The Samba LDB was updated to version 1.1.24: - Fix ldap \00 search expression attack dos; CVE-2015-3223; bso11325 - Fix remote read memory exploit in ldb; CVE-2015-5330; bso11599 - Move ldbunpackdata...