zeroday.info

August 25, 2016

Permissions, privileges, and access control vulnerability in Cisco AnyConnect Secure Mobility Client 2.5.0217

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.


August 19, 2016

Debian Linux 8.0 (Jessie)

Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.


August 19, 2016

Buffer overflow vulnerability in Debian Linux 8.0 (Jessie)

Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.


August 18, 2016

Buffer overflow vulnerability in Cisco Adaptive Security Appliance (ASA) Software 8.0.2.15

Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.


August 12, 2016

Debian Linux 8.0 (Jessie)

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.


August 12, 2016

Debian Linux 8.0 (Jessie)

The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.


August 12, 2016

Debian Linux 8.0 (Jessie)

The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.


August 12, 2016

Buffer overflow vulnerability in Debian Linux 8.0 (Jessie)

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.


August 12, 2016

Debian Linux 8.0 (Jessie)

gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.


August 10, 2016

Information leak/disclosure vulnerability in Debian Linux 8.0 (Jessie)

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.


August 10, 2016

Cryptographic vulnerability in Debian Linux 8.0 (Jessie)

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.


August 10, 2016

Debian Linux 8.0 (Jessie)

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.


August 10, 2016

Debian Linux 8.0 (Jessie)

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.


August 09, 2016

Buffer overflow vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability."


August 09, 2016

Information leak/disclosure vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure Vulnerability."


August 09, 2016

Information leak/disclosure vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3327.


August 09, 2016

Information leak/disclosure vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3326.


August 09, 2016

Information leak/disclosure vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability."


August 09, 2016

Information leak/disclosure vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure Vulnerability."


August 09, 2016

Buffer overflow vulnerability in Microsoft Internet Explorer 9

Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability."