8416 matches found
PT-2016-3271 · Xmlsoft +5 · Libxml2 +5
Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.4 Description: The issue is related to a format string vulnerability in the libxml2 library. This vulnerability may allow attackers to have an unspecified impact through format string specifiers in unknown vector...
Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2016-01537)
Internet Explorer is a web browser from Microsoft. A memory corruption vulnerability exists in the handling of attribute changes to DOM elements in some versions of Internet Explorer, which can be exploited by a remote attacker to reuse a string ordering that has been freed in memory via a...
UBUNTU-CVE-2016-2792
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font,...
SUSE-SU-2016:0598-1 Security update for rubygem-activerecord-4_1
This update for rubygem-activerecord-41 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention bsc963334 - CVE-2015-7577: Nested attributes rejection proc bypass bsc963330...
Script execution on Linux target fails with “Permission Denied” even when executed as root.
Challenge When interacting with Linux servers, Veeam Backup & Replication may encounter a "Permission Denied" error during script execution Pre-freeze, post-thaw, and repository data mover agent scripts, even when the account being used is the root user. Cause All script files are uploaded to and...
Ubuntu 15.04 / 15.10 : perl vulnerability (USN-2878-1)
David Golden discovered that the canonpath function in the Perl File::Spec module did not properly preserve the taint attribute. An attacker could possibly use this issue to bypass the taint protection mechanism. Note that Tenable Network Security has extracted the preceding description block...
Cross-site Scripting (XSS)
Overview angularjs is a Affected versions of this package are vulnerable to Cross-site Scripting XSS. due to the usemap attribute not being blacklisted. Remediation Upgrade angularjs to version 1.5.0 or higher. References - GitHub ChangeLog - GitHub Commit - GitHub PR Credit: Lucas Mirelmann...
Amazon Linux AMI : sssd (ALAS-2016-635)
It was found that SSSD's Privilege Attribute Certificate PAC responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon...
Low: sssd
Issue Overview: It was found that SSSD's Privilege Attribute Certificate PAC responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a...
Design/Logic Flaw
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string...
CVE-2015-8607
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string...
CVE-2015-8607
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string...
CVE-2016-1565
Cross-site scripting XSS vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute...
Wireshark 2.0.0 Multiple DoS
The version of Wireshark installed on the remote Windows host is 2.0.0. It is, therefore, affected by multiple denial of service vulnerabilities in the following components : - 802.11 dissector - ANSI A dissector - Ascend file parser - BER dissector - Bluetooth Attribute dissector - DIAMETER...
Wireshark Bluetooth Attribute Parser Denial of Service Vulnerability
Wireshark is the most popular network protocol parser. The getvalue function in the Bluetooth Attribute parser epan/dissectors/packet-btatt.c in version 2.0.x prior to Wireshark 2.0.1 uses incorrect integer data types, allowing remote attackers to cause a denial-of-service invalid write operation...
CVE-2015-8735
The getvalue function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute aka BT ATT dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service invalid write operation and application crash via a crafted packe...
DEBIAN-CVE-2015-8735
The getvalue function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute aka BT ATT dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service invalid write operation and application crash via a crafted packe...
CVE-2015-8735
The getvalue function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute aka BT ATT dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service invalid write operation and application crash via a crafted packe...
CVE-2015-8735
The getvalue function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute aka BT ATT dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service invalid write operation and application crash via a crafted packe...
Integer overflow
The getvalue function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute aka BT ATT dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service invalid write operation and application crash via a crafted packe...