20 matches found
CVE-2016-7103
CVE-2016-7103 is a cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0, exploitable via the closeText parameter of the Dialog widget. The issue allows remote script/HTML injection. Remediation per connected documents is to upgrade to jQuery UI 1.12.0 or later (fixed version).
CVE-2017-10268
CVE-2017-10268 affects Oracle MySQL Server (Server: Replication) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability allows a high-privilege attacker with logon to the infrastructure where MySQL Server executes to compromise the server, potenti...
CVE-2017-10378
CVE-2017-10378 affects the MySQL Server component (Server: Optimizer) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.11 and earlier. The vulnerability is exploitable remotely over multiple protocols by a low-privilege user and can cause the MySQL Server to hang or crash (D...
CVE-2017-3653
CVE-2017-3653 affects the MySQL Server component (subcomponent: Server: DDL) in Oracle MySQL. Affected: MySQL Server versions 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier. Description in connected advisories confirms the vulnerability is exploitable with network access via multi...
CVE-2017-3651
CVE-2017-3651 affects Oracle MySQL Server’s Client mysqldump component. Affected releases include 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier. The issue is described in multiple advisories as a vulnerability that enables a low-privileged, network-accessing attacker to perform u...
CVE-2017-3641
CVE-2017-3641 details (normal mode) : A vulnerability in the MySQL Server component (subcomponent: Server: DML) affecting MariaDB/MySQL Server. Affected versions include 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier. The issue is described as exploitable by a high-privilege attac...
CVE-2017-10384
CVE-2017-10384 affects the MySQL Server component (Server: DDL) of Oracle MySQL. Affected versions include 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. An attacker with network access via multiple protocols and low privileges can cause a hang or a complete denial of service in ...
CVE-2017-3636
CVE-2017-3636 affects the MySQL/MariaDB stack (MySQL Server component, subcomponent: Client programs). Public details in connected documents confirm affected versions include 5.5.56 and earlier and 5.6.36 and earlier (as per initial). The vulnerability is exploitable with low privileges and local...
CVE-2017-10379
CVE-2017-10379 concerns the MySQL Server client-side component of Oracle MySQL. Affected versions are 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability can be exploited by a low-privileged attacker with network access via multiple protocols, potentially leading to ...
CVE-2017-10664
CVE-2017-10664 affects qemu-nbd in QEMU. The issue arises because SIGPIPE is not ignored, allowing remote attackers to trigger a denial of service (daemon crash) by disconnecting during a server-to-client reply. The vulnerability is referenced across multiple advisories and Nessus plugins (e.g., ...
CVE-2017-5973
Technical details about CVE-2017-5973 are not publicly provided in the connected documents. Available records reference QEMU's xhci_kick_epctx vulnerability but do not expose deeper data (affected versions, exploit info, or fixes). Monitor for updates.
CVE-2017-8309
CVE-2017-8309 refers to a memory leak in QEMU’s audio subsystem (audio.c) that can be exploited remotely to cause a denial of service by repeatedly starting and stopping audio capture. The initial description explicitly states the issue and impact. Connected sources list the CVE in vendor advisor...
CVE-2017-7980
CVE-2017-7980 detailed : A heap-based buffer overflow in QEMU’s Cirrus CLGD 54xx VGA Emulator (Cirrus CLGD 54xx) used with Quick Emulator/ QEMU up to version 2.8 enables a local privileged guest to execute arbitrary code or cause a denial of service by exploiting a vulnerability when a VNC client...
CVE-2017-8379
CVE-2017-8379 is a memory-leak issue in QEMU keyboard input event handling that can allow a local privileged guest user to exhaust host memory and cause a denial of service. The vulnerability is listed among fixes in Red Hat RHSA-2017:2408, which notes remediation by rebasing to QEMU 2.9.0 and re...
CVE-2008-7313
CVE-2008-7313 concerns the Snoopy library’s _httpsrequest function, where remote attackers could execute arbitrary commands due to an incomplete fix for CVE-2008-4796. The issue is noted across multiple sources (Debian security tracker, Gentoo GLSA, IBM PowerKVM advisories, and CVE listings), oft...
CVE-2017-9214
Summary: CVE-2017-9214 affects Open vSwitch (OvS) 2.7.0 and is due to a buffer over-read caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 while parsing OFPT_QUEUE_GET_CONFIG_REPLY (OFP 1.0). Impact (as described): Buffer over-read with potential denial...
CVE-2016-6519
OpenStack Manila CVE-2016-6519 is a cross-site scripting (XSS) vulnerability in the Shares overview. The flaw allows remote authenticated users to inject arbitrary HTML/JavaScript via the Metadata field in the Create Share form, affecting Manila prior to 2.5.1. The issue arises in the web UI comp...
CVE-2014-5008
CVE-2014-5008: Snoopy in Nagios could allow remote command execution due to an incomplete fix related to escaping in the Snoopy library. Public advisories (Red Hat RHSA-2017-0214, IBM PowerKVM bulletin, Debian DLA-357-1, Amazon ALAS-2017-899) associate the issue with Nagios/Snoopy and provide upd...
CVE-2017-10906
Summary: CVE-2017-10906 is a Fluentd escape sequence injection vulnerability. Affects Fluentd releases 0.12.29–0.12.40, where the filter_parser.rb:filter_stream path can lead to arbitrary command execution or terminal UI changes via unspecified log-processing vectors. Root cause: escape sequence ...
CVE-2014-5009
CVE-2014-5009 is a remote command-execution vulnerability in Snoopy used by Nagios. It arises from an incomplete fix for CVE-2014-5008 and is reported with high-severity scores (CVSS v3.0 up to 9.8 in the NVD entry). The provided documents identify Nagios/Nagios Core and Snoopy as the affected co...