CVE-2016-5039
The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on.
Source: CVE-2016-5039
[월:] 2017년 02월
CVE-2016-5040
CVE-2016-5040
libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header.
Source: CVE-2016-5040
CVE-2016-5042
CVE-2016-5042
The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.
Source: CVE-2016-5042
CVE-2016-6252
CVE-2016-6252
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
Source: CVE-2016-6252
CVE-2016-6191
CVE-2016-6191
Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field.
Source: CVE-2016-6191
CVE-2016-5044
CVE-2016-5044
The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section.
Source: CVE-2016-5044
CVE-2014-9905
CVE-2014-9905
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.
Source: CVE-2014-9905
CVE-2017-5007 (chrome)
CVE-2017-5007 (chrome)
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Source: CVE-2017-5007 (chrome)
CVE-2017-5006 (chrome)
CVE-2017-5006 (chrome)
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Source: CVE-2017-5006 (chrome)
CVE-2017-5011 (chrome)
CVE-2017-5011 (chrome)
Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.
Source: CVE-2017-5011 (chrome)