9569 matches found
ALPINE-CVE-2016-3658
The TIFFWriteDirectoryTagLongLong8Array function in tifdirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read via vectors involving the ma variable...
CVE-2016-3658
CVE-2016-3658 affects LibTIFF 4.0.6 and earlier, where TIFFWriteDirectoryTagLongLong8Array in tif_dirwrite.c (tiffset tool) enables remote out-of-bounds reads, causing denial of service. Mitigation: upgrade LibTIFF to 4.0.7 or newer (see Debian/Arch advisories and upstream fixes).
UBUNTU-CVE-2016-3658
The TIFFWriteDirectoryTagLongLong8Array function in tifdirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service out-of-bounds read via vectors involving the ma variable...
SUSE SLES11 Security Update : openssh (SUSE-SU-2016:2388-1)
This update for OpenSSH fixes the following issues : - Prevent user enumeration through the timing of password processing. bsc989363, CVE-2016-6210 - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. bsc948902 - Sanitize input for xauth1. bsc97063...
CVE-2016-4748
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable...
CVE-2016-4748
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable...
CVE-2016-4701
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SOEXECPATH environment variable...
CVE-2016-4701
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SOEXECPATH environment variable...
CVE-2016-4694
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
Code injection
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SOEXECPATH environment variable...
UBUNTU-CVE-2016-4758
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site...
Code injection
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable...
CVE-2016-4758
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site...
CVE-2016-4748
CVE-2016-4748 describes a localPrivilege bypass in Perl on macOS OS X before 10.12, where taint-mode protection can be bypassed via a crafted environment variable. The vulnerability affects Perl within macOS/OS X and is documented in Appleās security content for macOS Sierra 10.12. The connected ...
CVE-2016-4748
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable...
CVE-2016-4701
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SOEXECPATH environment variable...
KLA10877 Multiple vulnerabilities in iTunes
Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information. Below is a complete list of vulnerabilities 1. Multiple unknown...
Updated golang package fixes security vulnerability
Updated golang packages fix security vulnerability: Go: sets environmental variable based on user supplied Proxy request header CVE-2016-5386...
PHPOK V4.5.031 SQL Injection Vulnerability in $_SERVER Variable
PHPOK is a website building system to achieve highly customized open source free website building system. PHPOK V4.5.031 SQL injection vulnerability exists in the $SERVER variable. Allows attackers to exploit the vulnerability to obtain sensitive database information...
Mozilla: Bad cast in nsImageGeometryMixin (MFSA 2016-85, MFSA 2016-86)
The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site...