2483 matches found

AlpineLinux
added 2018/03/12 9:0 p.m. | 30 views

CVE-2016-9953

The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly have unspecified other impact via a wildcard...

CVSS 9.8 | AI score 10 | EPSS 0.01831
Exploits: 0
CVE
added 2018/03/12 9:0 p.m. | 84 views

CVE-2016-9952

The CVE-2016-9952 issue affects libcurl (lib/vtls/schannel.c) in Windows CE builds using the schannel TLS backend. It arises in verify_certificate for libcurl versions 7.30.0 through 7.51.0 and allows remote attackers to perform MITM attacks by presenting a crafted wildcard SAN in the server cert...

CVSS 8.1 | AI score 7.6 | EPSS 0.013
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2018/01/02 11:0 p.m. | 17 views

CVE-2017-1000425

Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter...

AI score 6 | EPSS 0.01009
Exploits: 0 | References: 2
CVE
added 2018/01/02 11:0 p.m. | 64 views

CVE-2017-1000425

CVE-2017-1000425 is a cross-site scripting vulnerability in Liferay Portal CE 7.0 GA4 and older, exploitable via a javascript: URI in the movie parameter of /html/portal/flash.jsp. Affected component: flash.jsp in the portal; root cause: insufficient input sanitization of the movie parameter lead...

CVSS 6.1 | AI score 6 | EPSS 0.01009
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2017/11/07 9:50 a.m. | 38 views

CVE-2017-14992

Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

CVSS 7.5 | AI score 5.6 | EPSS 0.0247
Exploits: 0 | References: 1
Cvelist
added 2017/11/04 5:0 p.m. | 26 views

CVE-2017-16539

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss when certain older Linux kernels are used by leveraging Docker container access to write a "scsi remove-single-device" line to...

AI score 5.8 | EPSS 0.01845
Exploits: 0 | References: 5
Positive Technologies
added 2017/11/04 12:0 a.m. | 7 views

PT-2017-14440

Name of the Vulnerable Software and Affected Versions: Docker Moby versions prior to 17.03.2-ce. Description: The issue concerns the DefaultLinuxSpec function in oci/defaults.go, which does not properly block /proc/scsi pathnames. This oversight allows attackers to cause data loss, particularly when...

CVSS 10 | AI score 5.9 | EPSS 0.66252
Exploits: 13 | References: 273
CNVD
added 2017/11/02 12:0 a.m. | 1 views

Docker-CE Denial of Service Vulnerability

Docker-CE aka Moby is a set of frameworks for installing systems in containers. A security vulnerability exists in Docker-CE that stems from the program failing to perform content validation. A remote attacker could exploit the vulnerability to cause a denial of service...

CVSS 6.5 | AI score 6.8 | EPSS 0.0247
Exploits: 0 | References: 1
NVD
added 2017/11/01 5:29 p.m. | 18 views

CVE-2017-14992

Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

CVSS 6.5 | AI score 6.5 | EPSS 0.0247
Exploits: 0 | References: 2
Prion
added 2017/11/01 5:29 p.m. | 26 views

Code injection

Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

CVSS 4.3 | AI score 6.2 | EPSS 0.0247
Exploits: 0 | References: 2 | Affected Software: 1
UbuntuCve
added 2017/11/01 5:29 p.m. | 49 views

CVE-2017-14992

Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

CVSS 6.5 | AI score 6.9 | EPSS 0.0247
Exploits: 0 | References: 2
OSV
added 2017/11/01 5:29 p.m. | 22 views

CVE-2017-14992

Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

CVSS 6.5 | AI score 6.5 | EPSS 0.0247
Exploits: 0 | References: 2
Cvelist
added 2017/11/01 5:0 p.m. | 19 views

CVE-2017-14992

Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

AI score 5.7 | EPSS 0.0247
Exploits: 0 | References: 2
CVE
added 2017/11/01 5:0 p.m. | 131 views

CVE-2017-14992

CVE-2017-14992 affects Docker-CE (Moby) across multiple older releases (e.g., 1.12.6-0, 1.10.3, 17.03.x, 17.06.x, 17.09.0 and earlier). The issue is lack of content verification in image layers, allowing a remote attacker to trigger a Denial of Service via a crafted image layer payload (gzip bomb...

CVSS 6.5 | AI score 5.5 | EPSS 0.0247
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2017/11/01 5:0 p.m. | 28 views

CVE-2017-14992

Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing...

CVSS 6.5 | AI score 6.4 | EPSS 0.0247
Exploits: 0
Openbugbounty
added 2017/11/01 3:43 p.m. | 12 views

ce-web.com XSS vulnerability

Open Bug Bounty ID: OBB-385118

Description | Value
---|---
Affected Website: | ce-web.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...

AI score 6.3
Exploits: 0
Cvelist
added 2017/09/29 7:0 a.m. | 17 views

CVE-2017-14923

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...

AI score 5.2 | EPSS 0.00926
Exploits: 0 | References: 5
CVE
added 2017/09/29 7:0 a.m. | 40 views

CVE-2017-14923

The CVE-2017-14923 issue affects Tine 2.0 Community Edition prior to 2017.08.4, exposing a Stored XSS via an IMG element in the Leadname field. An authenticated user can inject JavaScript that is mishandled when rendered by admins and other users. CVSS data in the records indicates a MEDIUM base ...

CVSS 5.4 | AI score 5.1 | EPSS 0.00926
Exploits: 0 | References: 5 | Affected Software: 1
Openbugbounty
added 2017/09/07 7:42 p.m. | 9 views

ce-fit.com XSS vulnerability

Vulnerable URL: http://www.ce-fit.com/product/category.php?id="';--

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 06.12.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 7345266
VIP website status: | No

Coordinated Disclosure Timeline:...

AI score 6.3
Exploits: 0
CVE
added 2017/08/14 9:0 p.m. | 72 views

CVE-2017-12426

CVE-2017-12426 affects GitLab CE/EE: versions before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4, may allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. CVSSv3 base score 8.8 (HIGH); CV...

CVSS 8.8 | AI score 8.7 | EPSS 0.0354
Exploits: 1 | References: 2 | Affected Software: 1