34 matches found
AZL-6885 CVE-2015-4646 affecting package squashfs-tools for versions less than 4.5-1
1 unsquash-1.c, 2 unsquash-2.c, 3 unsquash-3.c, and 4 unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service application crash via a crafted input...
CVE-2017-5841
The gstavidemuxparsencdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds heap read via vectors involving ncdt tags...
chromium-browser: use-after-free in autofill
The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted w...
chromium-browser: URL validation error in extensions
The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtimeapi.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to a...
Ghostscript 8.0.1/8.15 - zseticcspace() Function Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28017/info Ghostscript is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue may allow remote attackers to execute...
OpenJDK: Prevent revealing the local address (Networking, 8001318)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous...
OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458...
CVE-2014-0022
The CVE-2014-0022 issue affects yum 3.4.3 and earlier where installUpdates in yum-cron/yum-cron.py does not correctly handle the return value of sigCheckPkg, allowing an unsigned package to bypass RPM package signing restrictions. This is a remote-codeish risk vector tied to RPM signature checks,...
OpenJDK: insufficient security checks (JAXWS, 8017505)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS...
CVE-2012-2543
Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack Overflow Vulnerability."...
CentOS Update for openjpeg CESA-2012:1283 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Raja Natarajan Guestbook 'lang' Parameter Local File Include Vulnerability
The Raja Natarajan Guestbook is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
tomcat XSS in example webapps
Cross-site scripting XSS vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values...
PT-2004-1350 · Ethereal · Ethereal
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.8.13 through 0.10.2 Description: The issue is related to multiple buffer overflows that can be triggered by remote attackers, potentially leading to a denial of service or the execution of arbitrary code. This can occur vi...