Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file. Date published : 2017-02-17 https://sourceforge.net/p/libdwarf/bugs/3/ https://www.prevanders.net/dwarfbug.html#DW201609-002
The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input. Date published : 2017-02-17 https://sourceforge.net/p/libdwarf/bugs/4/ https://bugzilla.redhat.com/show_bug.cgi?id=1377015
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. Date published :...
Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. Date published : 2017-02-17 https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2 http://www.openwall.com/lists/oss-security/2016/08/11/1
The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion. Date published : 2017-02-17 https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69 http://www.openwall.com/lists/oss-security/2016/08/11/1
Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. Date published : 2017-02-17 https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e http://www.openwall.com/lists/oss-security/2016/08/11/1
Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. Date published : 2017-02-17 https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271 http://www.openwall.com/lists/oss-security/2016/08/11/1
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. Date published : 2017-02-17 https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475 http://www.openwall.com/lists/oss-security/2016/08/11/1
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. Date published : 2017-02-17 https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2 http://www.openwall.com/lists/oss-security/2016/08/11/1
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. Date published : 2017-02-17 http://www.securityfocus.com/bid/92055 https://bugzilla.suse.com/show_bug.cgi?id=979282
Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2)...
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date &...
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds. Date published :...
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. Date published : 2017-02-17 https://github.com/mantisbt/mantisbt/commit/11ab3d6c82a1d3a89b1024f77349fb60a83743c5 https://github.com/mantisbt/mantisbt/commit/5068df2dcf79c34741c746c9b27e0083f2a374da