elfintils 'elflint.c' file denial of service vulnerability

elfutils is a collection of utilities and libraries for reading, creating and modifying ELF binaries. A security vulnerability exists in the elflint.c file in elfutils version 0.168. Since the program fails to validate the number of sections and segments. A remote attacker could cause a denial of...

Design/Logic Flaw

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...

DEBIAN-CVE-2017-7613

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service memory consumption via a crafted ELF file...

CVE-2016-1000307

Multiple Cross Site Scripting XSS Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via 1 profiledesc, aboutme, schools, occupation, companies, hobbies, favmovies, favmusic, favbooks parameters to ProfileSettings page; 2 note...

Design/Logic Flaw

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, has an invalid read of size 8 because the code to emit relocs bfdelffinallink function in bfd/elflink.c does not check the format of the input file before trying to read the ELF reloc section header. The...

CVE-2017-7299

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, has an invalid read of size 8 because the code to emit relocs bfdelffinallink function in bfd/elflink.c does not check the format of the input file before trying to read the ELF reloc section header. The...

DEBIAN-CVE-2017-7304

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check in the copyspecialsectionfields function for an invalid shlink field before attempting to follow it. This vulnerability causes Binutils...

CVE-2017-7299

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, has an invalid read of size 8 because the code to emit relocs bfdelffinallink function in bfd/elflink.c does not check the format of the input file before trying to read the ELF reloc section header. The...

CVE-2017-7299

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, has an invalid read of size 8 because the code to emit relocs bfdelffinallink function in bfd/elflink.c does not check the format of the input file before trying to read the ELF reloc section header. The...

CVE-2017-7299

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, has an invalid read of size 8 because the code to emit relocs bfdelffinallink function in bfd/elflink.c does not check the format of the input file before trying to read the ELF reloc section header. The...

CVE-2017-7299

CVE-2017-7299 affects GNU Binutils 2.28’s Binary File Descriptor library (libbfd). The vulnerability arises when emitting relocations: bfd_elf_final_link in bfd/elflink.c reads the ELF reloc section header without validating the input file format, leading to an invalid read of size 8 and causing ...

CVE-2017-6068

Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter...

CVE-2017-7209

The dumpsectionasbytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash...

Null pointer dereference

The dumpsectionasbytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash...

KLA10974 Obsolete Adobe Flash Player for Windows

Microsoft released update to address vulnerabilities in Flash Player for Internet Explorer. For details look at KLA10973. Technical details To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from...

Out-of-bounds

The dwarfdealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted DWARF section...

CVE-2016-5044

The WRITEUNALIGNED function in dwarfelfaccess.c in libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds write and crash via a crafted DWARF section...

DEBIAN-CVE-2016-5044

The WRITEUNALIGNED function in dwarfelfaccess.c in libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds write and crash via a crafted DWARF section...

Design/Logic Flaw

The dwarfgetarangeslist function in libdwarf before 20160923 allows remote attackers to cause a denial of service infinite loop and crash via a crafted DWARF section...

CVE-2016-5044

The WRITEUNALIGNED function in dwarfelfaccess.c in libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds write and crash via a crafted DWARF section...