1053 matches found
Fortinet FortiOS Access Privilege Vulnerability
Fortinet FortiOS is a set of security operating system developed by the U.S. Fiat Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security features. An access...
CVE-2015-4992
IBM Sterling B2B Integrator 5.2 before 50205008 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors...
Cisco ASR 9000 IOS DHCPv6 Server Denial of Service Vulnerability
Cisco IOS on ASR 9000 is a set of operating systems from Cisco that run on 9000 series router devices. A denial of service vulnerability exists in the DHCPv6 server in Cisco IOS on Cisco ASR 9000 devices using software version 5.2.0 Base. A remote attacker could exploit this vulnerability by...
Fortinet FortiClient Unauthorized Operation Vulnerability
Fortinet FortiClient is a Fortinet endpoint security solution that provides end users with anti-virus, encryption and other services. An unauthorized operation vulnerability exists in Fortinet FortiClient versions prior to 5.2.4, which allows a local user write to write to arbitrary memory...
Fortinet FortiGate FortiOS Security Bypass Vulnerability
Fortinet FortiGate running FortiOS is a set of security operating system developed by American Fitta Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security feature...
wireshark: TN5250 infinite loop (wnpa-sec-2014-23)
The dissectwritestructuredfield function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service infinite loop via a crafted packet...
The vulnerability of the Red Hat Linux operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the ncurses-5.2 package on the Red Hat Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...
Tiki Wiki CMS Groupware Cross-Site Scripting Vulnerability
Tiki Wiki CMS Groupware is a suite of open source content management and portal applications from the Tiki software community that can be used to create web applications, portals, corporate intranets, extranets, and more. A cross-site scripting vulnerability exists in Tiki Wiki CMS Groupware...
Tiki Wiki CMS Groupware Local File Inclusion Vulnerability
Tiki Wiki CMS Groupware is a suite of open source content management and portal applications from the Tiki software community that can be used to create web applications, portals, corporate intranets, extranets, and more. A local file inclusion vulnerability exists in Tiki Wiki CMS Groupware...
FFmpeg and Libav 'libavcodec/xface.h' Denial of Service Vulnerability
FFmpeg is a free program that performs recording, transferring and streaming of audio and video in various formats. FFmpeg versions prior to 2.5.2 libavcodec/xface.h establishes certain numeric and word array dimensions that do not conform to the required mathematical relationships, which can be...
DEBIAN-CVE-2014-5461
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service crash via a small number of arguments to a function with a large number of fixed arguments...
CFME: reflected XSS in several places due to missing JavaScript escaping
Cross-site scripting XSS vulnerability in application/panelcontrol in CloudForms 3.0 Management Engine CFME before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
PT-2014-3466 · Red Hat · Red Hat Cloudforms Management Engine
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms Management Engine CFME versions prior to 5.2.3.2 Description: The issue allows remote authenticated users to delete arbitrary catalogs by guessing the catalog ID, specifically targeting the CatalogController. Recommendation...
CVE-2013-3821
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and availability via unknown vectors related to Integration Broker...
PT-2013-1463 · Red Hat · Web Platform +3
Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform EAP versions prior to 5.2.0 Web Platform EWP versions prior to 5.2.0 BRMS Platform versions prior to 5.3.1 SOA Platform versions prior to 5.3.1 Description: A cross-site scripting XSS issue exists in the...
JBoss: SecurityAssociation.getCredential() will return the previous credential if no security context is provided
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remot...
mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Apr 2012)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690...
t1lib: Invalid pointer dereference via crafted Type 1 font
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf...
rsyslog: parseLegacySyslogMsg off-by-two buffer overflow
Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service application exit via a long TAG in a legacy syslog message...
CVE-2009-2189
The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of 1 Router Advertisement and 2 Neighbor Discovery packets, which allows remote attackers to cause a denial of service resource...