9573 matches found
CVE-2017-13697
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable...
glibc, nscd security update
CentOS Errata and Security Advisory CESA-2017:1916. An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Code injection
mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring...
CVE-2017-13130
mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring...
DEBIAN-CVE-2017-12960
There is a reachable assertion abort in the function dict_rename_var in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service...
Design/Logic Flaw
In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory...
CVE-2014-9979
In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory...
phpMyAdmin Global Variable Scope Injection Vulnerability (PMASA-2013-7) - Linux
phpMyAdmin is prone to a global variable scope injection vulnerability.
The vulnerability of the Oniguruma library, related to the use of an uninitialized variable, which allows for memory corruption to occur.
The vulnerability of the Oniguruma library arises from an incorrect change in the state of the parse_char_class function. This allows for the use of an uninitialized variable during writing to the buffer. Exploiting this vulnerability could enable a malicious actor to cause memory corruption by...
phpMyAdmin Global Variable Scope Injection Vulnerability (PMASA-2013-7) - Windows
phpMyAdmin is prone to a global variable scope injection vulnerability.
The vulnerability of the Oniguruma library, which arises from the use of an uninitialized variable, allows a hacker to perform read operations beyond the buffer boundary in dynamic memory.
The vulnerability of the Oniguruma library exists due to incorrect processing of reg->dmin in the forward_search_range function. This allows the use of an uninitialized variable during data reading from the buffer. Exploiting this vulnerability could enable a malicious actor to read beyond the...
The vulnerability of the Oniguruma library, which arises from the use of an uninitialized variable and allows for memory corruption to occur.
The vulnerability of the Oniguruma library arises from an improper change in the state of the parse_char_class function. This allows for the use of an uninitialized variable during writing to the buffer. Exploiting this vulnerability could enable a malicious actor to cause memory corruption by...
openSUSE Security Update : openldap2 (openSUSE-2017-936)
This update for openldap2 fixes the following issues: - Let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (boo#1009470). - Fix CVE-2017-9287: openldap2: Double free vulnerability with patch (boo#1041764) - Fix an...
Microsoft Edge Chakra - 'PreVisitCatch' Missing Call
root-sxFnc.pnodeVars; pnode; pnode = pnode-sxVar.pnodeNext Symbol sym = pnode-sxVar.sym; if sym != nullptr && !pnode-sxVar.isBlockScopeFncDeclVar && sym-GetIsBlockVar if sym-GetIsCatch || pnode-nop == knopVarDecl && sym-GetIsBlockVar ... sym = funcInfo-bodyScope-FindLocalSymbolsym-GetName;...
D-Link DIR Series Router Authentication Information Disclosure Vulnerability
The DIR series is a series of cloud router products from AUO D-Link. The D-Link DIR series routers are vulnerable to an information disclosure vulnerability that remotely bypasses authentication by triggering a global variable when an administrator logs into the device. Therefore, an attacker can...
CVE-2015-0783
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable...
CVE-2015-0784
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable...
CVE-2015-0784
This CVE affects Novell ZENworks Configuration Management (ZCM). The vulnerability is in Rtrlet.class, where a remote attacker can obtain Session IDs of logged-in users by sending a POST request with the maintenance variable set to ShowLogins. The issue is an information-disclosure flaw; exploita...