HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030. Date published :...
Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037. Date...
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041,...
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. Date published...
The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42...
The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote...
The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit...
The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. Date published : 2016-06-07 http://www.securityfocus.com/bid/76784...
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors. Date published : 2016-06-07 http://www.securityfocus.com/archive/1/536575/100/0/threaded https://blogs.apache.org/james/entry/apache_james_server_2_3
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before...
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. Date published : 2016-06-07...
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands...
The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access. Date published : 2016-06-07 https://bugzilla.redhat.com/show_bug.cgi?id=1256728...
The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path. Date...