CVE-2016-9841 – zlib: Out-of-bounds pointer arithmetic in inffast.c
https://notcve.org/view.php?id=CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus •
CVE-2016-9842 – zlib: Undefined left shift of negative number
https://notcve.org/view.php?id=CVE-2016-9842
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/95131 http://www.securitytracker.com/id/1039427 https:/ •
CVE-2016-3080 – spacewalk-monitoring: XSS issue in monitoring probe
https://notcve.org/view.php?id=CVE-2016-3080
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes. A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed monitoring probes. An attacker can embed HTML and JavaScript in the values for RHNMD User or Filesystem parameters in Satellite, allowing them to inject malicious content into the web page that is then displayed with that probe data. • http://rhn.redhat.com/errata/RHSA-2016-1484.html https://bugzilla.redhat.com/show_bug.cgi?id=1320942 https://access.redhat.com/security/cve/CVE-2016-3080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-3097 – spacewalk-java: Multiple XSS flaws
https://notcve.org/view.php?id=CVE-2016-3097
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data. A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed group names. An attacker can embed HTML and JavaScript in the values for group names in Satellite, allowing them to inject malicious content into the web page that is then displayed when viewing the snapshot data. • http://rhn.redhat.com/errata/RHSA-2016-1484.html https://bugzilla.redhat.com/show_bug.cgi?id=1322747 https://access.redhat.com/security/cve/CVE-2016-3097 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-0264 – JDK: buffer overflow vulnerability in the IBM JVM
https://notcve.org/view.php?id=CVE-2016-0264
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2016-05 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •