8416 matches found
samba: Flaws in Kerberos PAC validation can trigger privilege elevation
A flaw was found in the way Samba handled PAC Privilege Attribute Certificate checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process...
samba: Flaws in Kerberos PAC validation can trigger privilege elevation
A flaw was found in the way Samba handled PAC Privilege Attribute Certificate checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process...
gnutls: Heap read overflow in read-packet.c
Multiple heap-based buffer overflows in the readattribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate...
CVE-2017-5617
The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...
UBUNTU-CVE-2017-5617
The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...
CVE-2017-5617
The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...
RoundCube Webmail mail <1.0.5 body stored XSS(CVE-2015-1433)
RoundCube Webmail is a foreign use of a wide an open source php e-mail system, the meaning is still quite large. roundcube webmail official website: , download the latest version. /program/lib/Roundcube/rcubewashtml.php this file is actually a rich text filter class class rcubewashtml it. roundcu...
UBUNTU-CVE-2017-6307
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapiattr.c:mapiattrread. These might lead to invalid read and write operations, controlled by an attacker...
tnef 'src/mapi_attr.c:mapi_attr_read()' function denial of service vulnerability
tnef is a set of programs for decompressing MIME attachments. A security vulnerability in the 'src/mapiattr.c:mapiattrread' function of tnef allows an attacker to conduct a denial of service attack by submitting a special file that triggers invalid read and write operations...
CVE-2016-9910
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...
CVE-2016-9909
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...
Cross site scripting
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...
CVE-2016-9909
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...
PYSEC-2017-15
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...
PYSEC-2017-14
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...
Cross site scripting
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...
PYSEC-2017-15
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...
UBUNTU-CVE-2016-9910
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...
UBUNTU-CVE-2016-9909
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...
DEBIAN-CVE-2016-9910
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...