CVE-2016-9680 (provisioning_services)
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors.
[월:] 2017년 01월
CVE-2016-9679 (provisioning_services)
CVE-2016-9679 (provisioning_services)
Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer.
CVE-2016-9679
CVE-2016-9679
Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer.
Source: CVE-2016-9679
CVE-2016-9680
CVE-2016-9680
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors.
Source: CVE-2016-9680
CVE-2016-10086 (service_desk_management, service_desk_manager)
CVE-2016-10086 (service_desk_management, service_desk_manager)
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.
Source: CVE-2016-10086 (service_desk_management, service_desk_manager)
CVE-2016-6497 (groovy)
CVE-2016-6497 (groovy)
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
Source: CVE-2016-6497 (groovy)
CVE-2016-6271 (bzrtp)
CVE-2016-6271 (bzrtp)
The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.
Source: CVE-2016-6271 (bzrtp)
CVE-2016-6283 (confluence)
CVE-2016-6283 (confluence)
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
Source: CVE-2016-6283 (confluence)
CVE-2016-3406 (zimbra_collaboration_suite)
CVE-2016-3406 (zimbra_collaboration_suite)
Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456.
CVE-2016-3412 (zimbra_collaboration_suite)
CVE-2016-3412 (zimbra_collaboration_suite)
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791.