DEBIAN-CVE-2017-6472

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value...

ALPINE-CVE-2017-5356

Irssi before 0.8.21 allows remote attackers to cause a denial of service out-of-bounds read and crash via a string containing a formatting sequence % without a closing bracket...

DEBIAN-CVE-2017-5356

Irssi before 0.8.21 allows remote attackers to cause a denial of service out-of-bounds read and crash via a string containing a formatting sequence % without a closing bracket...

CVE-2017-5356

Irssi before 0.8.21 allows remote attackers to cause a denial of service out-of-bounds read and crash via a string containing a formatting sequence % without a closing bracket...

CVE-2017-0037

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheet...

The vulnerability of the unarj library, which provides data archiving, allows attackers to re-record any files they choose.

The vulnerability of the -x command line option for extracting the unarj library, which handles data archiving, is related to deficiencies in path name restrictions. Exploiting this vulnerability allows a malicious actor to overwrite arbitrary files using an arj archive with file names containing...

Jenkins-LDAP (CVE-2016-9299) deserialization vulnerability analysis-vulnerability warning-the black bar safety net

Source: gone with the wind's Blog Author: iswin This vulnerability in the last 11 month of official release announcement when I was concerned too, when he was looking for com. sun. jndi. ldap. LdapAttribute this class related to the deserialization was aware of this category inside the...

PowerDNS Recursor 3.6.0 Specific Sequence DoS Vulnerability - Windows

PowerDNS Recursor is prone to a denial of service DoS vulnerability. Note: This VT has been deprecated as the product is not supported on Windows. It is therefore no longer functional. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, a...

CVE-2017-5356

Irssi before 0.8.21 allows remote attackers to cause a denial of service out-of-bounds read and crash via a string containing a formatting sequence % without a closing bracket...

CVE-2016-9247

CVE-2016-9247 affects F5 BIG-IP TMM when a virtual server uses a FastL4 profile with a TCP analytics profile; a specific packet sequence can cause TMM restart, potentially disrupting traffic or causing failover. The F5 advisory lists vulnerable versions (e.g., BIG-IP LTM 12.1.0–12.1.1 and other a...

Remote Code Execution Bug Found in Ubuntu Quantal

A remote code execution bug has been patched in the default installation of Ubuntu Desktop affecting all default installations of Quantal version 12.10 and later. According to researcher Donncha O’Cearbhaill, the bug allows for code injection when a user opens a specially crafted malicious file...

DEBIAN-CVE-2016-7952

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service infinite loop via a reply in the 1 XRecordStartOfData, 2 XRecordEndOfData, or 3 XRecordClientDied category without a client sequence and with attached data...

CVE-2016-7952

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service infinite loop via a reply in the 1 XRecordStartOfData, 2 XRecordEndOfData, or 3 XRecordClientDied category without a client sequence and with attached data...

CVE-2016-7952

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service infinite loop via a reply in the 1 XRecordStartOfData, 2 XRecordEndOfData, or 3 XRecordClientDied category without a client sequence and with attached data...

F5 Networks BIG-IP : BIG-IP virtual server TCP sequence numbers vulnerability (K68401558)

Attackers in a privileged network position may be able to obtain TCP sequence numbers SEQ from the BIG-IP system for a short period of time up to 4 seconds that will be reused in future connections with the same source and destination port and IP numbers. C Tenable Network Security, Inc. The...

F5 BIG-IP - BIG-IP virtual server TCP sequence numbers vulnerability

Attackers in a privileged network position may be able to obtain TCP sequence numbers SEQ from the BIG-IP system for a short period of time up to 4 seconds that will be reused in future connections with the same source and destination port and IP numbers. SPDX-FileCopyrightText: 2016 Greenbone AG...

OLX: Reflected XSS at m.olx.ph

INTRO The m.olx.ph domain is vulnerable to reflected XSS through the search function. EXPLOITABILITY & PoC The following URL contains an XSS vector, which causes an alert box to appear https://m.olx.ph/all-results?q=:%27%3E%3Cimg%20src=/%20onerror=alert%28document.domain%29%3E or...

DEBIAN-CVE-2016-2181

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service false-positive packet drops via spoofed DTLS records, related to reclayerd1...

UBUNTU-CVE-2016-2181

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service false-positive packet drops via spoofed DTLS records, related to reclayerd1...

CVE-2016-4852

YoruFukurou NightOwl before 2.85 relies on support for emoji skin-tone modifiers even though this support is missing from the CoreText CTFramesetter API on OS X 10.9, which allows remote attackers to cause a denial of service application crash via a crafted emoji character sequence...