Lucene search
+L

248 matches found

Tenable Nessus
Tenable Nessus
added 2016/08/22 12:0 a.m.16 views

FreeBSD : fontconfig -- insufficiently cache file validation (44989c29-67d1-11e6-8b1d-c86000169601)

Debian security team reports : Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In...

7.8CVSS7AI score0.00403EPSS
Exploits0References3
OSV
OSV
added 2016/08/13 1:59 a.m.4 views

DEBIAN-CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

7.8CVSS6.6AI score0.00403EPSS
Exploits0References1
Prion
Prion
added 2016/08/13 1:59 a.m.17 views

Double free

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

4.6CVSS7.4AI score0.00403EPSS
Exploits0References8Affected Software4
Debian CVE
Debian CVE
added 2016/08/12 4:0 p.m.22 views

CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

7.8CVSS6.5AI score0.00403EPSS
Exploits0
Debian
Debian
added 2016/08/09 3:8 p.m.27 views

[SECURITY] [DLA 587-1] fontconfig security update

Package : fontconfig Version : 2.9.0-7.1+deb7u1 CVE ID : CVE-2016-5384 Debian Bug : 833570 A possible double free vulnerability was found in fontconfig. The problem was due to insufficient validation when parsing the cache file. For Debian 7 "Wheezy", these problems have been fixed in version...

7.8CVSS7.9AI score0.00403EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2016/08/08 12:0 a.m.15 views

CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

7.8CVSS7AI score0.00403EPSS
Exploits0References3
OSV
OSV
added 2016/08/08 12:0 a.m.3 views

UBUNTU-CVE-2016-5384

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file...

7.8CVSS6.1AI score0.00403EPSS
Exploits0References4
Hacker One
Hacker One
added 2016/06/29 10:45 p.m.26 views

Concrete CMS: Full Page Caching Stored XSS Vulnerability

Configuration A concrete5 site running over https on a dedicated IP address. Or any situation where you're not doing name-based virtual hosting and the web server will answer to any hostname. - You have full page caching enabled likely just block output caching too. - Doesn't matter if you have...

6.5AI score
Exploits0
seebug.org
seebug.org
added 2016/05/06 12:0 a.m.59 views

dedecms v5.7缓存文件data/cache/typename.inc导致任意代码执行(有条件)

No description provided by source...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2015/04/07 2:37 p.m.11 views

WordPress WP Super Cache Plugin Security Vulnerability Patch

A persistent cross-site scripting XSS vulnerability exists in some versions of a popular WordPress caching engine plugin. The issue – since fixed – exposes vulnerable sites to takeover. From there, attackers could inject malicious scripts, backdoors and so forth. The plugin, WP Super Cache, has...

0.5AI score
Exploits0References4
OSV
OSV
added 2014/12/31 12:0 a.m.4 views

UBUNTU-CVE-2014-9838

magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service crash...

5.5CVSS6.8AI score0.01166EPSS
Exploits0References3
Cisco
Cisco
added 2014/10/08 4:22 p.m.38 views

Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability

A vulnerability in the Clientless SSL VPN portal customization framework could allow an unauthenticated, remote attacker to modify the content of the Clientless SSL VPN portal, which could lead to several attacks including the stealing of credentials, cross-site scripting XSS, and other types of...

4.3CVSS6AI score0.01995EPSS
Exploits0References1
OSV
OSV
added 2014/09/27 10:55 a.m.3 views

UBUNTU-CVE-2014-5459

The PEARREST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a 1 rest.cachefile or 2 rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions...

3.6CVSS7.4AI score0.00643EPSS
Exploits1References2
Gentoo Linux
Gentoo Linux
added 2014/08/29 12:0 a.m.36 views

Jinja2: Multiple vulnerabilities

Background Jinja2 is a template engine written in pure Python. Description Multiple vulnerabilities have been discovered in Jinja2. Please review the CVE identifiers referenced below for details. Impact A local attacker could gain escalated privileges via a specially crafted cache file or...

4.4CVSS6.7AI score0.0043EPSS
Exploits1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Mozilla Browser 0.9/1.x Cache File Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10709/info Mozilla Browser is reported prone to multiple vulnerabilities that could eventually allow for code execution on the local computer. These vulnerabilities do not represent a significant threat on their own,...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Slackware 7.0/7.1/8.0 - Manual Page Cache File Creation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3054/info Slackware Linux contains a configuration error that enables local users to create files in the directory used by the system manual pager 'man' for cache files. Due to the behaviour of the 'man' program, it may b...

7.1AI score
Exploits0
OSV
OSV
added 2014/05/19 2:55 p.m.7 views

CVE-2014-1402

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

6AI score
Exploits0References17
OSV
OSV
added 2014/05/19 2:55 p.m.2 views

DEBIAN-CVE-2014-1402

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

4.4CVSS7AI score0.00373EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2014/05/19 12:0 a.m.33 views

CVE-2014-1402

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

4.4CVSS7.2AI score0.00373EPSS
Exploits0References2
OSV
OSV
added 2014/05/19 12:0 a.m.5 views

UBUNTU-CVE-2014-1402

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

4.4CVSS7.2AI score0.00373EPSS
Exploits0References3
Rows per page
Query Builder