22 matches found
UBUNTU-CVE-2016-10517
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port...
DEBIAN-CVE-2016-6293
The ulocacceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode ICU through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service out-of-bounds read or...