8202 matches found
Virglrenderer Denial of Service Vulnerability (CNVD-2017-02435)
Virglrenderer is a library for maintaining API stability in Virgil 3d projects. A denial of service vulnerability exists in Virglrenderer. An attacker could exploit this vulnerability to launch a denial of service attack...
Lithium Forum Server-Side Request Forgery
Document Title: Lithium Forum - Compose Message SSRF Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2030. Release Date: 2017-02-20. Vulnerability Laboratory ID (VL-ID): 2030...
USN-3199-2 Python Crypto regression
USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather...
Ubuntu 14.04 LTS / 16.04 LTS : Python Crypto vulnerability (USN-3199-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3199-1 advisory. It was discovered that the ALGnew function in blocktemplace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability....
USN-3199-1: Python Crypto vulnerability
It was discovered that the ALGnew function in blocktemplace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter...
USN-3199-1 Python Crypto vulnerability
It was discovered that the ALGnew function in blocktemplace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter...
Apple macOS Sierra IOAudioFamily Memory Leak Vulnerability
Apple macOS Sierra is a specialized operating system developed by Apple for Mac computers. IOAudioFamily is one of the input and output audio components. A memory leak vulnerability exists in IOAudioFamily in Apple macOS Sierra. An attacker can exploit this vulnerability to obtain kernel memory...
USB Key Cleaner: CIRCLean
USB Key Cleaner. Malware regularly uses USB sticks to infect victims, and the abuse of USB sticks is a common vector of infection. CIRCLean is an independent hardware solution to clean documents from untrusted (obtained) USB keys / USB sticks. The device automatically converts untrusted documents in...
Nitro Pro Remote Code Execution Vulnerability
Nitro Pro is PDF production and management software from the U.S. company Nitro. A remote code execution vulnerability exists in the PDF parsing feature of Nitro Pro 10. An attacker could exploit the vulnerability by sending a specific PDF file to the victim, leading to potential code execution...
Memory corruption
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability...
[SECURITY] Fedora 25 Update: libwmf-0.2.8.4-50.fc25
A library for reading and converting Windows MetaFile vector graphics (WMF)...
BitlBee Denial of Service Vulnerability
BitlBee is an IRC server. A denial of service vulnerability exists in BitlBee. An attacker could exploit this vulnerability to cause a denial of service...
Google Android Filesystem Information Disclosure Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). An information disclosure vulnerability exists in Google Android Filesystem. Attackers can use this vulnerability to obtain sensitive information and launch further attacks...
GStreamer gst-plugins-base denial of service vulnerability (CNVD-2017-01449)
GStreamer is a set of frameworks for handling streaming media. A denial of service vulnerability exists in GStreamer gst-plugins-base, which allows remote attackers to cause a denial of service (stack overflow and crash) via a nested WAVEFORMATEX vector...
UBUNTU-CVE-2017-5180
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option...
Arbitrary file deletion
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user www-dat...
CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user www-dat...
UBUNTU-CVE-2016-7446
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317...