CVE-2016-6884 (matrixssl)
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.
Source: CVE-2016-6884 (matrixssl)
[월:] 2017년 03월
CVE-2015-8813 (umbraco)
CVE-2015-8813 (umbraco)
The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
Source: CVE-2015-8813 (umbraco)
CVE-2015-8814 (umbraco)
CVE-2015-8814 (umbraco)
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.
Source: CVE-2015-8814 (umbraco)
CVE-2015-8815 (umbraco)
CVE-2015-8815 (umbraco)
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.
Source: CVE-2015-8815 (umbraco)
CVE-2016-7406 (dropbear_ssh)
CVE-2016-7406 (dropbear_ssh)
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
Source: CVE-2016-7406 (dropbear_ssh)
CVE-2016-7408 (dropbear_ssh)
CVE-2016-7408 (dropbear_ssh)
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
Source: CVE-2016-7408 (dropbear_ssh)
CVE-2016-7409 (dropbear_ssh)
CVE-2016-7409 (dropbear_ssh)
The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident.
Source: CVE-2016-7409 (dropbear_ssh)
CVE-2016-7972 (fedora, leap, libass, opensuse)
CVE-2016-7972 (fedora, leap, libass, opensuse)
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
CVE-2016-7969 (fedora, leap, libass, opensuse)
CVE-2016-7969 (fedora, leap, libass, opensuse)
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
CVE-2016-7970 (fedora, libass)
CVE-2016-7970 (fedora, libass)
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
Source: CVE-2016-7970 (fedora, libass)