CVE-2015-5228
The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.
Source: CVE-2015-5228
[월:] 2016년 06월
CVE-2014-9747 (debian_linux, freetype)
CVE-2014-9747 (debian_linux, freetype)
The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.
CVE-2014-9747
CVE-2014-9747
The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.
Source: CVE-2014-9747
CVE-2014-9746 (debian_linux, freetype)
CVE-2014-9746 (debian_linux, freetype)
The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.
CVE-2014-8177 (gluster_storage_management_console, gluster_storage_server, storage_native_client)
CVE-2014-8177 (gluster_storage_management_console, gluster_storage_server, storage_native_client)
The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.
Source: CVE-2014-8177 (gluster_storage_management_console, gluster_storage_server, storage_native_client)
CVE-2015-5041 (java_sdk, linux_enterprise_server, linux_enterprise_software_development_kit, websphere_application_server)
CVE-2015-5041 (java_sdk, linux_enterprise_server, linux_enterprise_software_development_kit, websphere_application_server)
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
CVE-2015-5041
CVE-2015-5041
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
Source: CVE-2015-5041
CVE-2016-1703 (chrome)
CVE-2016-1703 (chrome)
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Source: CVE-2016-1703 (chrome)
CVE-2016-1703
CVE-2016-1703
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Source: CVE-2016-1703
CVE-2016-1702 (chrome)
CVE-2016-1702 (chrome)
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.
Source: CVE-2016-1702 (chrome)