CVE-2016-4708

CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response...

CVE-2016-4708

CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response...

Information disclosure

CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response...

CVE-2016-4708

CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response...

CVE-2016-4708

CVE-2016-4708 affects CFNetwork across Apple platforms (iOS before 10, OS X before 10.12, tvOS before 10, watchOS before 3). Root cause: input parsing/validation flaw in the Set-Cookie header handling that can disclose sensitive information via a crafted HTTP response. Impact: information disclos...

Cisco Firepower Management Center Software SSLIinspection Bypass Vulnerability

A vulnerability in SSL inspection for Cisco Firepower Management Center software could allow an unauthenticated, remote attacker to bypass configured do-not-decrypt rules in the SSL policy rule set. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a...

Mastery OA /general/ems/manage/search_excel. php file SQL injection vulnerabilities

Width byte injection occurs the position is that PHP sends a request to the MYSQL character set to use the charactersetclient setting a value for an encoding, the GET parameters if it contains“%df%27”, addslashes encoded into‘\’ variable“%df%5c%27”, in MySQL in the processing use the gbk characte...

kernel: out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt

An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt. The function call is normally restricted to root, however some processes with capsysadmin may also be able to trigger this flaw in privileged container environments...

Design/Logic Flaw

Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies...

CVE-2016-6344

Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies...

CVE-2016-6344

CVE-2016-6344 affects Red Hat JBoss BRMS 6 and Red Hat JBoss BPM Suite 6, where HttpOnly flags are not set on session cookies. This exposes cookies to access via client-side scripts (XSS), enabling potential information disclosure. Red Hat RHSA-2017:0248/0249 documents a security update for BRMS/...

PHP 5.0.0 'snmpset()' Local Denial of Service Vulnerability

PHP is a new language for writing CGI programs. PHP 5.0.0 'snmpset' local denial of service vulnerability can be exploited by attackers to launch denial of service attacks...

UBUNTU-CVE-2016-7118

fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 kernel 3.2.81-1 in Debian wheezy mishandles FSETFL fcntl calls on directories, which allows local users to cause a denial of service NULL pointer dereference and system crash via standard filesystem operations, a...

8 on 1 9: The Shadow-Brokers the leaked file description, technical analysis on-the vulnerability warning-the black bar safety net

! 0x01 exposure data with the equation and NSA relationship From the leaked data packet with the decompressed content to see, specifically for the firewall device attack and penetration action when the use of the tool set. According to the data exposed persons Shadow Brokers described, this packe...

IBM WebSphere Application Server Information Disclosure Vulnerability (CNVD-2016-06420)

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. An information disclosure vulnerability exists in IBM WAS,...

CVE-2016-5409

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies...

CVE-2016-6136

Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...

CVE-2016-6136

Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...

CVE-2016-6136

Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...

CVE-2016-6136

CVE-2016-6136 is a Linux kernel race condition in audit_log_single_execve_arg (auditsc.c) that can allow a local user to bypass character-set restrictions or disrupt system-call auditing via a double-fetch flaw. Connected advisories confirm multiple vendors map this CVE to Linux kernel fixes; rem...