CVE-2016-1000126
Reflected XSS in wordpress plugin admin-font-editor v1.8
Source: CVE-2016-1000126
[월:] 2016년 10월
CVE-2016-8101 (solid-state_drive_toolbox)
CVE-2016-8101 (solid-state_drive_toolbox)
The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.
CVE-2016-8101
CVE-2016-8101
The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.
Source: CVE-2016-8101
CVE-2016-8100 (integrated_performance_primitives)
CVE-2016-8100 (integrated_performance_primitives)
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.
CVE-2016-8100
CVE-2016-8100
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.
Source: CVE-2016-8100
CVE-2016-7423 (qemu)
CVE-2016-7423 (qemu)
The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects.
Source: CVE-2016-7423 (qemu)
CVE-2016-7423
CVE-2016-7423
The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects.
Source: CVE-2016-7423
CVE-2016-7099 (linux_enterprise, node.js)
CVE-2016-7099 (linux_enterprise, node.js)
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2016-7099
CVE-2016-7099
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Source: CVE-2016-7099
CVE-2016-5325 (linux_enterprise, node.js)
CVE-2016-5325 (linux_enterprise, node.js)
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.