7670 matches found

Veracode
added 2017/02/06 2:46 a.m. | 23 views

Denial Of Service (DoS)

libgit2 is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the git_oid_nfmt function in oid.c parses raw objects, which allows attackers to cause a denial of service using a cat-file command with an object file...

CVSS 5.5 | AI score 5.5 | EPSS 0.00426
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2017/02/06 12:0 a.m. | 2 views

ForgeRock OpenIDM and OpenICF RACF Connector Component Arbitrary Code Execution Vulnerability

ForgeRock OpenIDM and OpenICF are both products of ForgeRock, USA. The former is a set of enterprise identity management software, the latter is a set of frameworks used to build or help develop a variety of connectors. RACF Connector is one of the security management connection components. A...

CVSS 8.1 | AI score 7.8 | EPSS 0.01888
Exploits 0 | References 1

Veracode
added 2017/02/02 4:46 a.m. | 21 views

Bypassing Device-Resource Restrictions

Cordova is vulnerable to the bypass of intended device-resource restrictions. By leveraging an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to directly access bridge JavaScript objects, as demonstrated by certain cordova.require calls...

CVSS 7.5 | AI score 6.1 | EPSS 0.07665
Exploits 0 | References 7 | Affected Software 1

RedHat Linux
added 2017/02/02 4:38 a.m. | 2 views

Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02)

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird 45.7, Firefox ESR 45....

CVSS 7.5 | AI score 7.3 | EPSS 0.01592
Exploits 1 | References 5

OSV
added 2017/02/01 10:59 p.m. | 4 views

CVE-2016-0320

IBM UrbanCode Deploy could allow an authenticated user to modify UCD objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes...

CVSS 4.3 | AI score 5.8 | EPSS 0.00125
Exploits 0 | References 2

NVD
added 2017/02/01 10:59 p.m. | 13 views

CVE-2016-8919

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources...

CVSS 7.8 | AI score 7.5 | EPSS 0.01096
Exploits 0 | References 3

Cvelist
added 2017/02/01 10:0 p.m. | 18 views

CVE-2016-8919

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources...

AI score 7.5 | EPSS 0.01096
Exploits 0 | References 3

CVE
added 2017/02/01 10:0 p.m. | 48 views

CVE-2016-0320

CVE-2016-0320 affects IBM UrbanCode Deploy. Description: an authenticated user could modify UCD objects via multiple REST endpoints that do not properly authorize edits, potentially altering behavior of legitimately triggered processes. Affected versions include UrbanCode Deploy 6.0 through 6.2.x...

CVSS 4.3 | AI score 4.8 | EPSS 0.00125
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2017/02/01 10:0 p.m. | 21 views

CVE-2016-0320

IBM UrbanCode Deploy could allow an authenticated user to modify UCD objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes...

AI score 5.5 | EPSS 0.00125
Exploits 0 | References 2

Tenable Nessus
added 2017/01/31 12:0 a.m. | 229 views

Mozilla Firefox < 51 Multiple Vulnerabilities

CVSS 9.8 | AI score 7.7 | EPSS 0.58393
Exploits 24 | References 26

OSV
added 2017/01/25 7:59 p.m. | 6 views

CVE-2016-9305

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers...

CVSS 9.8 | AI score 5.8 | EPSS 0.00576
Exploits 0 | References 2

Prion
added 2017/01/25 7:59 p.m. | 13 views

Input validation

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers...

CVSS 7.5 | AI score 7.4 | EPSS 0.00576
Exploits 0 | References 2 | Affected Software 1

RedHat Linux
added 2017/01/25 9:31 a.m. | 3 views

Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02)

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird 45.7, Firefox ESR 45....

CVSS 7.5 | AI score 7.3 | EPSS 0.01592
Exploits 1 | References 5

Fedora
added 2017/01/25 12:22 a.m. | 33 views

[SECURITY] Fedora 24 Update: groovy-2.4.5-8.fc24

Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode so you can use it anywhere you ca...

CVSS 9.8 | AI score 1.3 | EPSS 0.24315
Exploits 0

Tenable Nessus
added 2017/01/25 12:0 a.m. | 56 views

RHEL 7 : squid (RHSA-2017:0182)

An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 | AI score 6.6 | EPSS 0.14676
Exploits 0 | References 3

CNVD
added 2017/01/25 12:0 a.m. | 2 views

Subrion CMS PHP Object Injection Vulnerability

Subrion CMS is an open source content management system (CMS). Subrion CMS suffers from a PHP object injection vulnerability that stems from a failure to adequately validate user input. An attacker can use this vulnerability to inject arbitrary objects into the application, delete files, view files...

CVSS 9.8 | AI score 9.6 | EPSS 0.01765
Exploits 0 | References 1

Zero Day Initiative
added 2017/01/24 12:0 a.m. | 178 views

Oracle WebLogic RMI Registry UnicastRef Object Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the insufficient blacklisting of certain Java objects. The issue lies in the failure t...

CVSS 7.5 | AI score 3.8 | EPSS 0.92823
Exploits 14 | References 1

Mozilla
added 2017/01/24 12:0 a.m. | 63 views

Security vulnerabilities fixed in Firefox 51 — Mozilla

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. Use-after-free while manipulating XSL in XSLT documents. A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potential...

CVSS 9.8 | AI score 9.7 | EPSS 0.58393
Exploits 16 | References 27 | Affected Software 1

Check Point Advisories
added 2017/01/15 12:0 a.m. | 5 views

Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2965)

A memory corruption vulnerability exists in Adobe Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handle objects in memory. A remote attacker could trigger this issue via a specially crafted TIFF file...

CVSS 9.3 | AI score 8.3 | EPSS 0.02234
Exploits 0

BDU FSTEC
added 2017/01/13 12:0 a.m. | 1 view

The vulnerability of the Flash Player software, which allows a perpetrator to execute arbitrary code

The vulnerability of the NetConnection class in the Flash Player software platform is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by accessing the associated script objects...

CVSS 10 | AI score 8.1 | EPSS 0.03792
Exploits 0 | References 3 | Affected Software 2