DEBIAN-CVE-2016-4447

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service heap-based buffer underread and application crash via a crafted file, involving xmlParseName...

PT-2016-7130 · Qemu Team +3 · Qemu +3

Name of the Vulnerable Software and Affected Versions: QEMU aka Quick Emulator affected versions not specified Description: The issue allows local guest OS administrators to cause a denial of service by leveraging failure to check IP header length in the vmxnet tx pkt parse headers function...

CVE-2016-4539

The xmlparseintostruct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service buffer under-read and segmentation fault or possibly have unspecified other impact via crafted XML data in the second argument,...

expat: arbitrary code execution

CVE-2015-1283 arbitrary code execution Multiple integer overflows in the XMLGetBuffer function allow remote attackers to cause a denial of service heap-based buffer overflow or possibly arbitrary code execution via crafted XML data. This problem has already been fixed in version 2.1.0-1 but this...

OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVPEncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108...

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions. An...

Linux kernel denial of service vulnerability (CNVD-2016-02592)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the imspcuparsecdcdata function in the drivers/input/misc/ims-pcu.c file in Linux kernel version 3.10, which can be exploited by a...

HackerOne: Previous attachments can be referenced when creating a new report

Hello When user upload file in comment to report, user can find file ID by two ways: 1. In preview mode - In response to POST method https://hackerone.com/attachments , answer will be something like this: -"id":84577,"name":"mytestfile.png","size":32397 where fileID = 84577 for example 2. If user...

PHP PHAR extension 'phar_parse_zipfile' function buffer overflow vulnerability

PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community.PHAR is one of the archived extensions. A security vulnerability exists in the 'pharparsezipfile' function in the zip.c file of PHP's PHAR extension, which allows a remote...

UBUNTU-CVE-2016-3142

The pharparsezipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read and application crash by placing a PK\x05\x06 signature at an inval...

CVE-2016-0816

mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, related to decoder/ih264dparseislice.c and decoder/ih264dparsepslice.c, aka internal bug 25928803...

Fedora 21 : perl-IPTables-Parse-1.5-2.fc21 (2015-240dd21cb6)

Update to IPTables-Parse-1.5 - Fix use of predictable temporary file names Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

Fedora 22 : perl-IPTables-Parse-1.5-2.fc22 (2015-30f080e459)

Update to IPTables-Parse-1.5 - Fix use of predictable temporary file names Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

Fedora 23 : perl-IPTables-Parse-1.5-2.fc23 (2015-0c153d3319)

Update to IPTables-Parse-1.5 - Fix use of predictable temporary file names Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

New Relic: Html injection in monitor name textbox

payload in monitor name textbox : image tag is executed in Monitot failed email fix : Need to done secure parse encode in monitor name textbox to prevent html injection in email...

Mozilla Firefox Denial of Service Vulnerability (CNVD-2015-08327)

Mozilla Firefox and Firefox ESR are both browser products developed by the Mozilla Foundation in the U.S. Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A security vulnerability exists in the 'RTPReceiverVideo::ParseRtpPacket' function in Mozilla...

IPTables-Parse 'IPTables/Parse.pm' Insecure Temporary File Creation Vulnerability

IPTables-Parse is a Perl extension for parsing iptables and ip6tables firewall rules. An insecure temporary file creation vulnerability exists in IPTables-Parse versions prior to 1.6. A local attacker can exploit this vulnerability to perform a symbolic link attack to overwrite arbitrary files in...

Amazon Linux: Security Advisory (ALAS-2015-627)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : perl-IPTables-Parse (ALAS-2015-627)

A vulnerability in perl-IPTables-Parse was found, when using predictable file names for its temporary files. This vulnerability allows attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to. C Tenable Network Security, Inc. The descriptive te...

Low: perl-IPTables-Parse

Issue Overview: A vulnerability in perl-IPTables-Parse was found, when using predictable file names for its temporary files. This vulnerability allows attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to. Affected Packages:...