9572 matches found

Cvelist
added 2017/06/15 1:0 a.m. · 17 views

CVE-2017-8493

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka...

AI score 5.6 · EPSS 0.00531
Exploits 0 · References 3
Tenable Nessus
added 2017/06/15 12:0 a.m. · 30 views

SUSE SLED12 / SLES12 Security Update : openldap2 (SUSE-SU-2017:1567-1)

This update for openldap2 fixes the following issues: Security issues fixed : - CVE-2017-9287: A double free vulnerability in the mdb backend during search with page size 0 was fixed bsc1041764 Non security bugs fixed : - Let OpenLDAP read system-wide certificates by default and don't hide the...

CVSS 6.5 · AI score 6.7 · EPSS 0.2275
Exploits 1 · References 7
Positive Technologies
added 2017/06/15 12:0 a.m. · 2 views

PT-2017-19106 · Gnu +1 · Gnuplot +1

Name of the Vulnerable Software and Affected Versions: gnuplot version 5.2.rc1 Description: The issue is related to an uninitialized stack variable vulnerability in the load tic series function in set.c. This vulnerability can be exploited when a victim opens a specially crafted file, potentially...

CVSS 9.8 · AI score 7 · EPSS 0.00614
Exploits 5 · References 30
OSV
added 2017/06/14 2:33 p.m. · 5 views

SUSE-SU-2017:1567-1 Security update for openldap2

This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2017-9287: A double free vulnerability in the mdb backend during search with page size 0 was fixed bsc1041764 Non security bugs fixed: - Let OpenLDAP read system-wide certificates by default and don't hide the erro...

CVSS 6.5 · AI score 6.8 · EPSS 0.2275
Exploits 1 · References 6
Tenable Nessus
added 2017/06/07 12:0 a.m. · 50 views

openSUSE Security Update : postgresql93 (openSUSE-2017-657)

This update for postgresql93 fixes the following issues : The PostgreSQL package was updated to 9.3.17, bringing various bug and security fixes. Security fixes : - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. bsc1037624 -...

CVSS 7.5 · AI score 6.6 · EPSS 0.04124
Exploits 0 · References 9
Cvelist
added 2017/06/06 2:0 p.m. · 19 views

CVE-2014-9942

In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist...

AI score 7.3 · EPSS 0.00037
Exploits 0 · References 2
wpexploit
added 2017/05/31 12:0 a.m. · 7 views

Simple Slideshow Manager <= 2.3 – Multiple Vulnerabilities

The Simple Slideshow Manager WordPress plugin was affected by security vulnerability. 3.1 Cross-Site Scripting Vulnerable Function: echo Vulnerable Variable: $GET'name' Vulnerable URL: http://www.vulnerablesite.com/wp-admin/admin.php?page=Acurax-Slideshow-AddImages&name="alert42 3.2 Cross-Site...

AI score 0.6
Exploits 0 · References 1
Packet Storm
added 2017/05/25 12:0 a.m. · 40 views

WebKit FrameLoader::clear Variable Theft

WebKit: Stealing variables via page navigation in FrameLoader::clear CVE-2017-2515 void FrameLoader::clearDocument newDocument, bool clearWindowProperties, bool clearScriptObjects, bool clearFrameView mframe.editor.clear; if !mneedsClear return; mneedsClear = false; if...

AI score 0.4 · EPSS 0.04066
Exploits 2
OSV
added 2017/05/24 3:29 p.m. · 2 views

ALPINE-CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect...

CVSS 9.8 · AI score 7.2 · EPSS 0.00585
Exploits 1 · References 1
OSV
added 2017/05/24 3:29 p.m. · 24 views

CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect...

CVSS 9.8 · AI score 9.4
Exploits 0 · References 3
Debian CVE
added 2017/05/24 3:0 p.m. · 26 views

CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect...

CVSS 9.8 · AI score 8.1 · EPSS 0.00585
Exploits 1
OSV
added 2017/05/24 12:0 a.m. · 0 views

UBUNTU-CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect...

CVSS 9.8 · AI score 7 · EPSS 0.00585
Exploits 1 · References 4
NVD
added 2017/05/23 4:29 a.m. · 14 views

CVE-2015-5682

upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable...

CVSS 7.5 · AI score 7.5 · EPSS 0.00262
Exploits 1 · References 2
Cvelist
added 2017/05/23 3:56 a.m. · 13 views

CVE-2015-5682

upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable...

AI score 7.5 · EPSS 0.00262
Exploits 1 · References 2
RedhatCVE
added 2017/05/22 8:50 a.m. · 19 views

CVE-2017-9098

It was discovered that ImageMagick does not properly guarantee that initialized memory is used when reading RLE images. A remote attacker could possibly exploit this flaw to disclose potentially sensitive memory contents by, for example, tricking ImageMagick into converting a specially crafted RL...

CVSS 7.5 · AI score 1.7 · EPSS 0.01506
Exploits 1 · References 2
Prion
added 2017/05/12 8:29 p.m. · 16 views

Race condition

In coreinforead and instinforead in all Android releases from CAF using the Linux kernel, variable "dbgbuf", "dbgbuf-curr" and "dbgbuf-filledsize" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race condition...

CVSS 6.9 · AI score 6.6 · EPSS 0.00031
Exploits 0 · References 3
UbuntuCve
added 2017/05/04 2:29 p.m. · 47 views

CVE-2017-8295

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to...

CVSS 5.9 · AI score 6.5 · EPSS 0.77097
Exploits 7 · References 3
Veracode
added 2017/05/03 2:22 a.m. · 24 views

HTTPoxy Vulnerability

net/http/cgi and net/http in github.com/golang/go is vulnerable to httpoxy attacks. The vulnerability exists because it trusts the HTTP_PROXY environment variable, and allows the configuration of proxies by setting the environment variables HTTP_PROXY and HTTPS_PROXY without checking if CGI is in us...

CVSS 8.1 · AI score 7.8 · EPSS 0.45904
Exploits 0 · References 12 · Affected Software 2
NVD
added 2017/05/02 5:59 p.m. · 18 views

CVE-2017-7476

Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c...

CVSS 9.8 · AI score 9.8 · EPSS 0.00932
Exploits 1 · References 5
Prion
added 2017/05/02 5:59 p.m. · 15 views

Heap overflow

Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c...

CVSS 7.5 · AI score 9.7 · EPSS 0.00932
Exploits 1 · References 5 · Affected Software 1