CVE-2016-4546
Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call.
Source: CVE-2016-4546
[월:] 2017년 02월
CVE-2016-8659
CVE-2016-8659
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.
Source: CVE-2016-8659
CVE-2016-2788
CVE-2016-2788
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
Source: CVE-2016-2788
CVE-2016-8859
CVE-2016-8859
Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.
Source: CVE-2016-8859
CVE-2016-5100
CVE-2016-5100
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
Source: CVE-2016-5100
CVE-2016-2568
CVE-2016-2568
pkexec, when used with –user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal’s input buffer.
Source: CVE-2016-2568
CVE-2016-3616
CVE-2016-3616
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
Source: CVE-2016-3616
CVE-2015-8771
CVE-2015-8771
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.
Source: CVE-2015-8771
CVE-2014-9760
CVE-2014-9760
Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.
Source: CVE-2014-9760
CVE-2016-6210
CVE-2016-6210
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Source: CVE-2016-6210