IBM Tivoli Storage Manager FastBack Server FXCLI_OraBR_Exec_Command Buffer Overflow (CVE-2015-1929)
A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient boundary checking while processing remote requests within the FXCLI_OraBR_Exec_Command function. A remote unauthenticated attacker could exploit this vulnerability by sendin...
Mozilla Firefox ESR Multiple Vulnerabilities (Nov 2015) - Mac OS X
Mozilla Firefox ESR is prone to multiple vulnerabilities.
CVE-2015-7200
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key...
Information disclosure
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key...
CVE-2015-7199
The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a...
CVE-2015-7200
CVE-2015-7200 concerns Mozilla Firefox’s CryptoKey interface, where the implementation in Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking. This could allow a remote attacker to achieve an unspecified impact via a cryptographic-key related vector. The NVD lists a b...
lldp 'protocols/lldp.c' buffer overflow vulnerability
lldp is a link-layer discovery protocol that allows network devices to advertise their device identity and performance on the local subnet. lldp 'protocols/lldp.c' does not perform proper bounds checking on user-submitted input, allowing an attacker to exploit the vulnerability by submitting a...
Microsoft Edge browser vulnerability that allows an attacker to bypass the protection against cross-site scripting attacks
The vulnerability in Microsoft Edge is caused by a flaw in the checking of HTML attributes. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms against cross-site scripting attacks...
Amazon Linux AMI : ntp (ALAS-2015-607)
It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with...
CVE-2015-6997
The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certifica...
Design/Logic Flaw
The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certifica...
OpenJDK: CRL checking flaw (Libraries, 8081744)
Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...
Websense Triton Content Manager handle_debug_network Stack Buffer Overflow (CVE-2015-5718)
A stack buffer overflow vulnerability exists in Websense Triton Content Manager. The vulnerability is due to calling "strcpy" without boundary checking. A remote unauthenticated attacker can overflow the "dest" buffer in "handle_debug_network"...
SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2015:0593-2)
The remote host is missing an update for the...
FreeBSD : mbedTLS/PolarSSL -- DoS and possible remote code execution (07a1a76c-734b-11e5-ae81-14dae9d210b8)
ARM Limited reports: When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the...
SUSE: Security Advisory for Mozilla (SUSE-SU-2015:0593-1)
The remote host is missing an update for the...