SUSE CVE-2013-5782
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...
SUSE CVE-2013-5817
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI...
SUSE CVE-2014-4288
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532...
SUSE CVE-2015-2638
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...
SUSE CVE-2015-8078
Integer overflow in the indexurlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the sectionoffset variable. NOTE: this vulnerability exists because of an incomplete fix for...
SUSE CVE-2016-1618
Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...
SUSE CVE-2016-7951
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks...
SUSE CVE-2016-9586
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf functions. If there are any applications that accept a format string from the outside without necessary input filtering, it could allow remote attacks...
SUSE CVE-2017-14806
An Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version...
PT-2023-1439 · Microsoft · Dynamics 365
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises affected versions not specified Description: The issue is related to insufficient protection of the web page structure in Microsoft Dynamics 365, which can lead to cross-site scripting attacks. An attacker c...
PT-2023-1437 · Microsoft · Dynamics 365
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises affected versions not specified Description: The issue is related to insufficient protection of the web page structure in Microsoft Dynamics 365, allowing for cross-site scripting attacks. An attacker could...
Design/Logic Flaw
A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input :/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack...
EulerOS 2.0 SP10 : libtiff (EulerOS-SA-2023-1363)
According to the versions of the libtiff package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory...
PT-2023-16337 · Unknown · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Online Tours & Travels Management System. The issue is related to an unknown function of the file...
ROS-20230124-04
The vulnerability in the Mozilla Firefox browser is due to the fact that a deprecated library libusrsctp contained a vulnerability that could potentially be exploited. Exploitation of the vulnerability could allow an attacker acting remotely to...
ROS-20230127-01
A vulnerability in the Mozilla Thunderbird email client is related to the fact that the browser's full-screen notification could have been delayed or suppressed, which could lead to data spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to direct a user to a...
Kirby Injection Vulnerability
Kirby is a file-based content management system (CMS). An injection vulnerability exists in Kirby Webmentions, which stems from a vulnerability found in the bastianallgeier Kirby Webmentions plugin, which affects unknown functionality, and can be manipulated to cause injections, which can be used t...
Microsoft Windows IKEEXT Service Vendor ID Null Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IKEEXT service, which listens on UDP ports 500 and 4500. A crafted...
PT-2023-12294 · Ruckus Wireless · Ruckus Wireless Smartzone Controller
Name of the Vulnerable Software and Affected Versions: Ruckus Wireless SmartZone controller affected versions not specified Description: The issue is related to a DDOS reflection amplification vulnerability in the eAut module of the Ruckus Wireless SmartZone controller. This vulnerability allows...
CVE-2022-40319
CVE-2022-40319 affects the LISTSERV 17 web interface and is an Insecure Direct Object Reference (IDOR) vulnerability where remote attackers can modify a victim’s account by altering the email in the wa.exe URL (e.g., wa.exe?INDEX&X&Y). Root cause is improper access control on user identifiers exposed via ...