1085 matches found
CVE-2016-3697
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container...
UBUNTU-CVE-2016-3697
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container...
CVE-2016-3697
CVE-2016-3697 affects Docker runtimes (libcontainer/user/user.go in runC) up to Docker 1.11.2, where a numeric UID is misinterpreted as a username in /etc/passwd inside a container, enabling local privilege escalation. The issue is tied to the runC/opencontainers code path (libcontainer) and allo...
KLA10820 Privilege escalation vulnerability in Docker
Improper handling of a numeric UID was found in Docker. By exploiting this vulnerability, malicious users can escalate privileges. This vulnerability can be exploited locally via a numeric username in the password file. Technical details: This vulnerability is related to libcontainer/user/user.g...
DEBIAN-CVE-2016-3739
The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid...
Vulnerabilities in the Android operating system that allow a hacker to increase their privileges
Multiple vulnerabilities in minzip/SysUtil.c in the Recovery Procedure component of the Android operating system are caused by a numerical overflow. Exploiting these vulnerabilities could allow an attacker, operating locally, to escalate their privileges through a specially create...
Horde Groupware Cross-Site Scripting Vulnerability (CNVD-2016-02488)
Horde Groupware is an email and communication solution. A cross-site scripting vulnerability in Horde Groupware versions prior to 5.2.12 and Horde Groupware Webmail Edition versions prior to 5.2.12 allows remote attackers to inject arbitrary web script or HTML via numeric form fields...
CVE-2015-8807
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors...
UBUNTU-CVE-2015-8807
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors...
CVE-2015-8807
The CVE-2015-8807 issue affects Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12. The vulnerability resides in Horde’s _renderVarInput_number function within Html.php, enabling remote attackers to inject arbitrary web script or HTML via numbers in form fields (XSS)....
The vulnerability of the Android operating system, which allows a hacker to trigger a service failure
The vulnerability in the getCoverageFormat12 function in CmapCoverage.cpp of the Minikin library in the Android operating system is caused by a numerical overflow. Exploiting this vulnerability could allow an attacker acting locally to trigger a service failure (long-term reboot) through an...
The vulnerability of the Android operating system allows a hacker to bypass security measures and obtain confidential information.
The vulnerability in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in the Android operating system is caused by a numerical overflow. Exploiting this vulnerability could allow a malicious actor to bypass security measures and obtain confidential information, leading to incorrect...
Updated libgcrypt packages fix security vulnerabilities
Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack (CVE-2015-7511). The libgcrypt package was also...
The vulnerability of the Flash Player and Adobe Integrated Runtime software allows a perpetrator to execute arbitrary code.
The vulnerability of the Flash Player and Adobe Integrated Runtime programs is due to a numerical overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code using a large BitmapData object...
Oracle: Security Advisory (ELSA-2013-0120)
The remote host is missing an update for the...