358 matches found
OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
[SECURITY] Fedora 25 Update: qpdf-6.0.0-6.fc25
QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program...
OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
[SECURITY] Fedora 26 Update: qpdf-6.0.0-8.fc26
QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It includes support for merging and splitting PDFs and to manipulate the list of pages in a PDF file. It is not a PDF viewer or a program...
RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2017:2469)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2469 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java...
CVE-2017-11216
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format EMF data related to bitmap transformations...
OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
USN-3175-1 firefox vulnerabilities
Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. CVE-2017-5373, CVE-2017-5374 JIT code allocation c...
UBUNTU-CVE-2017-5376
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
UBUNTU-CVE-2016-6607
XSS issues were discovered in phpMyAdmin. This affects Zoom search specially crafted column content can be used to trigger an XSS attack; GIS editor certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack; Relation view; the following...
Design/Logic Flaw
XSS issues were discovered in phpMyAdmin. This affects Zoom search specially crafted column content can be used to trigger an XSS attack; GIS editor certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack; Relation view; the following...
CVE-2016-6607
XSS issues were discovered in phpMyAdmin. This affects Zoom search specially crafted column content can be used to trigger an XSS attack; GIS editor certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack; Relation view; the following...
openSUSE Security Update : Mozilla Thunderbird (openSUSE-2016-848)
This update contains Mozilla Thunderbird 45.2. boo983549 It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail. The following vulnerabilities were fixed : - CVE-2016-2818, CVE-2016-2815: Memory safety bugs...
Complex Code Reuse Attacks: ROPMEMU
ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks Talos has developed ROPMEMU, a framework to analyze, dissect and decompile complex code-reuse attacks. It adopts a set of different techniques to analyze ROP chains and reconstruct their equivalent code in a form...
The vulnerability of the XSLTResult class implementation in the Apache Struts software platform allows attackers to execute arbitrary code.
The vulnerability of the XSLTResult class implementation in the Apache Struts software framework is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using the stylesheetLocation parameter...
The vulnerability of the Junos operating system, which allows a hacker to bypass the cryptographic mechanisms used for encryption and authentication protection.
The vulnerability of the Junos operating system is related to errors in cryptographic transformations. Exploiting this vulnerability allows a malicious actor to bypass the cryptographic mechanisms used for encryption and authentication...