Lucene search
K

166 matches found

Tenable Nessus
Tenable Nessus
added 2018/05/16 12:0 a.m.33 views

Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20180515)

This update upgrades Firefox to version 52.8.0 ESR. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150 - Mozilla: Backport critical security fixes in Skia CVE-2018-5183 - Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154 -...

9.8CVSS7.7AI score0.21288EPSS
Exploits4References10
Exploit DB
Exploit DB
added 2018/04/16 12:0 a.m.251 views

Microsoft Windows - 'nt!NtQuerySystemInformation (SystemPageFileInformation(Ex))' Kernel 64-bit Stack Memory Disclosure

/ We have discovered that the nt!NtQuerySystemInformation system call invoked with the SystemPageFileInformation 0x12 and SystemPageFileInformationEx 0x90 information classes discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 t...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2018/03/23 12:0 a.m.44 views

Windows Kernel 64-bit pool memory disclosure in NtQueryVirtualMemory(MemoryMappedFilenameInformation)(CVE-2018-0894)

We have discovered that the nt!NtQueryVirtualMemory system call invoked with the 2 information class MemoryMappedFilenameInformation discloses portions of uninitialized kernel pool memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10. The output buffer for thi...

5.7AI score0.02435EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2018/03/06 9:46 p.m.5 views

389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service...

7.5CVSS5.7AI score0.04817EPSS
Exploits0References5
OSV
OSV
added 2018/02/23 9:29 p.m.3 views

DEBIAN-CVE-2018-7438

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parseunicodestring function...

8.8CVSS8.7AI score0.02091EPSS
Exploits1References1
OSV
OSV
added 2018/02/23 9:29 p.m.4 views

UBUNTU-CVE-2018-7438

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parseunicodestring function...

8.8CVSS7.5AI score0.02091EPSS
Exploits1References4
OSV
OSV
added 2018/02/23 9:29 p.m.8 views

CVE-2018-7438

An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parseunicodestring function...

8.8CVSS8.7AI score
Exploits0References5
Mageia
Mageia
added 2017/12/31 12:10 a.m.43 views

Updated kdebase4-runtime packages fix security vulnerability

A user could sneak an unicode string terminator in the kdesu invocation, which could hide the fact that more commands could be executed CVE-2016-7787...

4.9CVSS1.9AI score0.01661EPSS
Exploits0References3
OSV
OSV
added 2017/12/31 12:10 a.m.8 views

MGASA-2017-0473 Updated kdebase4-runtime packages fix security vulnerability

A user could sneak an unicode string terminator in the kdesu invocation, which could hide the fact that more commands could be executed CVE-2016-7787...

4.9CVSS5.2AI score0.01661EPSS
Exploits0References4
OSV
OSV
added 2017/12/09 6:29 a.m.3 views

CVE-2017-16368

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string...

8.8CVSS6.5AI score0.13242EPSS
Exploits0References3
Prion
Prion
added 2017/12/09 6:29 a.m.17 views

Stack overflow

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string...

9.3CVSS9.2AI score0.13242EPSS
Exploits0References3Affected Software4
Vulnrichment
Vulnrichment
added 2017/12/09 6:0 a.m.5 views

CVE-2017-16368

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string...

8.9AI score0.13242EPSS
Exploits0References3
NVD
NVD
added 2017/12/05 7:29 p.m.20 views

CVE-2017-11007

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash...

7.8CVSS7.7AI score0.0017EPSS
Exploits0References2
Prion
Prion
added 2017/12/05 7:29 p.m.16 views

Stack overflow

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash...

7.2CVSS7.5AI score0.0017EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.42 views

activesupport Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a...

4.3CVSS5.5AI score0.02492EPSS
Exploits0References16Affected Software1
OSV
OSV
added 2017/10/24 6:33 p.m.39 views

GHSA-9FH3-VH3H-Q4G3 activesupport Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a...

4.3CVSS5.1AI score0.02492EPSS
Exploits0References16
GitLab Advisory Database
GitLab Advisory Database
added 2017/10/24 12:0 a.m.34 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a...

4.3CVSS4AI score0.02492EPSS
Exploits0References16Affected Software1
FireEye
FireEye
added 2017/01/04 2:2 p.m.43 views

FLARE Script Series: Querying Dynamic State using the FireEye Labs Query-Oriented Debugger (flare-qdb)

Introduction This post continues the FireEye Labs Advanced Reverse Engineering FLARE script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on...

7.2CVSS7.8AI score0.24554EPSS
Exploits10References4
Tenable Nessus
Tenable Nessus
added 2016/12/27 12:0 a.m.54 views

Debian DLA-761-2 : python-bottle regression update

The update for python-bottle issued as DLA 761-1 would cause a crash if a unicode string was used in a header. Updated packages are now available to correct this issue. For Debian 7 'Wheezy', these problems have been fixed in version 0.10.11-1+deb7u3. We recommend that you upgrade your...

5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/10/12 12:0 a.m.22 views

openSUSE Security Update : kde-cli-tools5 (openSUSE-2016-1171)

This update for kde-cli-tools5 fixes the following vulnerability : - CVE-2016-7787: user could sneak an unicode string terminator in the kdesu invocation boo1001916 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

4.9CVSS5.2AI score0.01661EPSS
Exploits0References2
Rows per page
Query Builder