29 matches found
thunderbird: S/MIME and PGP decryption oracles can be built with HTML emails
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird 52.9...
Design/Logic Flaw
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the...
CVE-2017-11402
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the...
PT-2017-18575 · Conan +1 · Lrzip +1
Name of the Vulnerable Software and Affected Versions: LZO version 2.08 lrzip version 0.631 Description: The issue allows remote attackers to cause a denial of service, resulting in an invalid memory read and application crash, via a crafted archive. This is due to a problem in the lzo1x decompre...
CVE-2015-5256
Summary of CVE-2015-5256 : Apache Cordova-Android before 4.1.0 contains a flaw in the remote server relyance whitelisting mechanism that allows an attacker to bypass intended access restrictions by crafting a URI. This can enable execution of non-whitelisted JavaScript. Concrete details from conn...
Incorrect Handling of Non-Boolean Comparisons During Minification
Overview Versions of uglify-js prior to 2.4.24 are affected by a vulnerability which may cause crafted JavaScript to have altered functionality after minification. Recommendation Upgrade UglifyJS to version = 2.4.24. References - Backdooring JS - Yan Zhu@bcrypt - Issue 751 - GitHub Advisory...
CVE-2012-6102
The CVE-2012-6102 issue affects Moodle’s Assignment module: specifically the Submissions comments plugin (lib.php). It allows remote attackers to read or modify any user’s submission comments (feedback comments) via a crafted URI in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1. The root cause...
Microsoft Windows GP Trap Handler Privilege Escalation Vulnerability
The host is installed with Microsoft Windows operating system and is prone to Privilege Escalation Vulnerability. This NVT has been replaced by NVT secpodms10-015.nasl OID:1.3.6.1.4.1.25623.1.0.900740. OpenVAS Vulnerability Test $Id: gbmskernelprvescvuln.nasl 5368 2017-02-20 14:34:16Z cfi $...
[ MDVSA-2008:122 ] - Updated clamav packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:122 http://www.mandriva.com/security/ Package : clamav Date : June 24, 2008 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0 Problem Description: A vulnerability was discovered in ClamAV and...