CVE-2016-5652

An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means...

CVE-2016-2374

An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution...

Updated thunderbird packages fix security vulnerabilities

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption CVE-2016-9899. Event handlers on marquee elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript CVE-2016-9895. Memory corruption...

Atlassian Confluence 5.9.12 Cross Site Scripting

===== Tempest Security Intelligence - ADV-3/2016 CVE-2016-6283 ============== Persisted Cross-Site Scripting XSS in Confluence Jira Software ---------------------------------------------------------------- Authors: - Jodson Santos - [email protected] Tempest Security Intelligence -...

icoutils -- check_offset overflow on 64-bit systems

Choongwoo Han reports: An exploitable crash exists in the wrestool utility on 64-bit systems where the result of subtracting two pointers exceeds the size of int...

shopify-scripts: Heap overflow due to off-by-one when expanding stack

This program triggers a heap buffer overflow while zeroing a new stack allocation due to an off-by-one while expanding the stack. It doesn't appear to be exploitable and the fix is extremely simple so I didn't try to simplify the failing test case too much: ruby class A yield ensure...

CVE-2016-5547

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVE-2016-5549

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

CVE-2016-5552

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with...

Denial Of Service (DoS)

wger is vulnerable to denial-of-service DoS attacks. The vulnerability exists as there are no limit checks in the csv upload functionality and it is exploitable by importing large size csv...

Security vulnerabilities fixed in Thunderbird 45.6 — Mozilla

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. Event handlers on marquee elements were executed despite a strict Content Security Policy CSP that disallowed inline JavaScript. Memory corruption resulting in a potentially...

CVE-2016-9036

An exploitable incorrect return value vulnerability exists in the mpcheck function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mpcheck function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer...

CVE-2016-9037

An exploitable out-of-bounds array access vulnerability exists in the xrowheaderdecode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's valu...

Out-of-bounds

An exploitable out-of-bounds array access vulnerability exists in the xrowheaderdecode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's valu...

Out-of-bounds

An exploitable incorrect return value vulnerability exists in the mpcheck function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mpcheck function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer...

CVE-2016-8707

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered...

CVE-2016-9036

An exploitable incorrect return value vulnerability exists in the mpcheck function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mpcheck function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer...

CVE-2016-9036

An exploitable incorrect return value vulnerability exists in the mpcheck function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mpcheck function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer...

CRLF Injection - PeopleSoft IMServlet

Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor: Oracle Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Authors: Dmitry Yudin ERPScan aka...

CVE-2016-8733

CVE-2016-8733 concerns Joyent SmartOS, specifically the Hyprlofs file system. The vulnerability resides in the Ioctl handling path for HYPRLOFS_ADD_ENTRIES when dealing with native/file-system data models. A user-supplied length (an unsigned integer) is cast to a signed int, bypassing an upper bo...