Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet....
The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by...
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference,...
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content–>News–>Add Article" feature via the m1_content parameter. Someone must login to conduct the attack. Date published : 2017-03-24 http://www.securityfocus.com/bid/97205 http://www.03i0.com/index.php/archives/113/
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content–>News–>Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack. Date published : 2017-03-24 http://www.securityfocus.com/bid/97204 http://www.03i0.com/index.php/archives/113/
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content–>News–>Add Article" feature via the m1_title parameter. Someone must login to conduct the attack. Date published : 2017-03-24 http://www.securityfocus.com/bid/97203 http://www.03i0.com/index.php/archives/113/
Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake. Date published : 2017-03-24 http://www.securityfocus.com/bid/97193 https://gist.github.com/k1rh4/25dcb124aef2a8a2a5f4677d64d1998b
An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be...
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of...
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a ‘system’ entrypoint from fbudf.so. Date published : 2017-03-24 http://www.securityfocus.com/bid/97070...
EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the...
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the...
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack. Date published...
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. Date published : 2017-03-24 http://www.securityfocus.com/bid/95746 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851374