9592 matches found
Memory corruption
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact...
CVE-2017-1000494
CVE-2017-1000494 affects MiniUPnPd (miniupnpd) versions prior to 2.0, due to an uninitialized stack variable in NameValueParserEndElt (upnpreplyparse.c). This leads to Denial of Service (segmentation fault/memory corruption) and may have other impacts. Public advisories confirm remediation by upg...
CVE-2017-1000494
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact...
UBUNTU-CVE-2017-1000494
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact...
CVE-2017-17857
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations...
ownCloud: OS Command Injection via tainted PATH environment variable in findBinaryPath
The PATH environment variable passed to the find command in owncloud/core/blob/master/lib/private/legacy/helper.php on line 543 is not sanitized for input. If an adversary is able to taint the PATH environment variable, OS command execution is possible utilizing the find command's execute -exe...
SQL injection
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords function in smartgooglecode.php did not use prepared statements and did not sanitize...
CVE-2018-3811
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords function in smartgooglecode.php did not use prepared statements and did not sanitize...
Memory corruption
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations...
GNU GLOBAL 'gozilla.c' Arbitrary Code Execution Vulnerability
GNU GLOBAL is a software tool used to label program code for easy reading. An arbitrary code execution vulnerability exists in the GNU GLOBAL 'gozilla.c' handling of the BROWSER environment variable, which can be exploited by a remote attacker to submit a special URL request to execute arbitrary...
F5 Networks BIG-IP : OpenSSH vulnerability (K20911042)
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...
ComScore direct tag - Less critical - Cross site scripting - SA-CONTRIB-2017-095
This module enables you to use the comScore Direct analytics system on a site. The module doesn't sufficiently sanitize one of the configuration variables prior to rendering it. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer comScore...
Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable
var x = new URIErrornew Array, undefined, undefined; String.prototype.localeCompare.callx, new Date0, 0, 0, 0, 0, 0, undefined; Array.prototype.slice.call1; Technical details: The issue is in jscript!JsArraySlice Array.prototype.slice.call in the P...
Windows jscript!JsArraySlice Uninitialized Variable
Windows: Uninitialized variable in jscript!JsArraySlice CVE-2017-11855 There is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - By opening a malicious web page in Internet Explorer. - currently untested An attacker on t...
Zoom Linux Client 2.0.106600.0904 Buffer Overflow
CONVISO-17-002 - Zoom Linux Client Stack-based Buffer Overflow Vulnerability 1. Advisory Information Conviso Advisory ID: CONVISO-17-002 CVE ID: CVE-2017-15048 CVSS v2: 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P Date: 2017-10-01 2. Affected Components Zoom client for Linux, version 2.0.106600.0904...
KildClient Parameter Injection Vulnerability
KildClient is a MUD client written in GTK+ Window Toolkit. A parameter injection vulnerability exists in KildClient 3.1.0. The vulnerability arises because KildClient does not validate strings before starting a program specified by the BROWSER environment variable. A remote attacker can exploit...