Lucene search
K

772 matches found

UbuntuCve
UbuntuCve
added 2016/10/03 12:0 a.m.29 views

CVE-2016-5180

Heap-based buffer overflow in the arescreatequery function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service out-of-bounds write or possibly execute arbitrary code via a hostname with an escaped trailing dot...

9.8CVSS7.4AI score0.08583EPSS
Exploits0References3
OSV
OSV
added 2016/10/03 12:0 a.m.4 views

UBUNTU-CVE-2016-5180

Heap-based buffer overflow in the arescreatequery function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service out-of-bounds write or possibly execute arbitrary code via a hostname with an escaped trailing dot...

9.8CVSS7.4AI score0.08583EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2016/09/29 4:47 p.m.40 views

CVE-2016-5180

A vulnerability was found in c-ares. A hostname with an escaped trailing dot such as "hello\." would have its size calculated incorrectly, leading to a single byte written beyond the end of a buffer on the heap. An attacker able to provide such a hostname to an application using c-ares, could...

9.8CVSS1.6AI score0.08583EPSS
Exploits0References2
OSV
OSV
added 2016/08/02 2:59 p.m.4 views

ALPINE-CVE-2016-1238

1 cpan/Archive-Tar/bin/ptar, 2 cpan/Archive-Tar/bin/ptardiff, 3 cpan/Archive-Tar/bin/ptargrep, 4 cpan/CPAN/scripts/cpan, 5 cpan/Digest-SHA/shasum, 6 cpan/Encode/bin/enc2xs, 7 cpan/Encode/bin/encguess, 8 cpan/Encode/bin/piconv, 9 cpan/Encode/bin/ucmlint, 10 cpan/Encode/bin/unidump, 11...

7.8CVSS7.1AI score0.00779EPSS
Exploits0References1
OSV
OSV
added 2016/07/11 1:59 a.m.4 views

UBUNTU-CVE-2015-8892

platform/msmshared/bootverifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998...

7.8CVSS7.3AI score0.00551EPSS
Exploits0References4
android
android
added 2016/07/01 12:0 a.m.36 views

CVE-2015-8892

platform/msmshared/bootverifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998...

9.3CVSS6.7AI score0.00551EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2015/11/04 12:10 p.m.4 views

Mozilla: Trailing whitespace in IP address hostnames can bypass same-origin policy (MFSA 2015-122)

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting XSS attacks, by appending whitespace characters to an IP address string...

7.5CVSS7.2AI score0.03097EPSS
Exploits0References5
CNVD
CNVD
added 2015/10/30 12:0 a.m.3 views

Arbitrary File Upload Vulnerability in Wisdom Governance Cloud Platform of Hangzhou Fuli Computer Software Co.

Hangzhou fu li computer software limited company wisdom governance cloud platform is is the wisdom of the street solution. There is an arbitrary file upload vulnerability in the intelligent governance cloud platform of Hangzhou Fuli Computer Software Co. As the background of the intelligent...

7.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/06/25 8:9 a.m.3 views

chromium-browser: Normalization error in HSTS/HPKP preload list

The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...

4.3CVSS7.4AI score0.01758EPSS
Exploits0References5
OSV
OSV
added 2015/02/25 12:0 a.m.3 views

UBUNTU-CVE-2015-0832

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . dot character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.5...

5CVSS6.9AI score0.01052EPSS
Exploits0References6
OSV
OSV
added 2015/02/20 11:59 a.m.3 views

DEBIAN-CVE-2014-5355

MIT Kerberos 5 aka krb5 through 1.13.1 incorrectly expects that a krb5readmessage data field is represented as a string ending with a '\0' character, which allows remote attackers to 1 cause a denial of service NULL pointer dereference via a zero-byte version string or 2 cause a denial of service...

5CVSS6.7AI score0.04587EPSS
Exploits0References1
Mageia
Mageia
added 2014/11/26 10:14 a.m.25 views

Updated perl-Plack package fixes security vulnerability

Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files CVE-2014-5269...

5CVSS6.3AI score0.02455EPSS
Exploits0References2
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.87 views

[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]

Advisory Overview Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster Recovery solution affecting both the client and server software see Additional Information section include but are not limited to reflected XSS, source code/sensitive information disclosure, privilege...

0.4AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2014/09/30 12:0 a.m.7 views

VulnCheck KEV: CVE-2014-7169

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271...

10CVSS7.4AI score0.99999EPSS
Exploits140References1
Tenable Nessus
Tenable Nessus
added 2014/09/25 12:0 a.m.87 views

Ubuntu 14.04 LTS : Bash vulnerability (USN-2362-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2362-1 advisory. Stephane Chazelas discovered that Bash incorrectly handled trailing code in function definitions. An attacker could use this issue to bypass environment...

10CVSS8.7AI score0.99999EPSS
Exploits131References2
OSV
OSV
added 2014/09/24 3:40 p.m.3 views

USN-2362-1 bash vulnerability

Stephane Chazelas discovered that Bash incorrectly handled trailing code in function definitions. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments...

10CVSS7.3AI score0.99999EPSS
Exploits131References2
OSV
OSV
added 2014/09/24 12:0 a.m.9 views

DLA-61-1 libplack-perl - security update

Bulletin has no description...

5CVSS6AI score0.02455EPSS
Exploits0
OSV
OSV
added 2014/09/20 10:55 a.m.1 views

DEBIAN-CVE-2014-6425

The 1 getquotedstring and 2 getunquotedstring functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service buffer over-read and application crash via a CUPS packet that lacks a trailing '\0' character...

5CVSS7.3AI score0.02811EPSS
Exploits0References1
OSV
OSV
added 2014/09/04 5:55 p.m.2 views

DEBIAN-CVE-2014-5269

Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static...

5CVSS6.6AI score0.02455EPSS
Exploits0References1
NVD
NVD
added 2014/08/25 1:55 a.m.21 views

CVE-2014-0973

The imageverify function in platform/msmshared/imageverify.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSApublicdecrypt API...

7.2CVSS6.7AI score0.00384EPSS
Exploits0References2
Rows per page
Query Builder