Vulnerability & Exploit Database

Ubuntu: USN-3500-1 (CVE-2017-16611): libXfont vulnerability Vulnerability

  • Severity: 4
  • Published: November 28, 2017

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

Alpine Linux: CVE-2017-8816: curl Multiple vulnerabilities Vulnerability

  • Severity: 4
  • Published: November 28, 2017

The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.

SUSE: CVE-2014-5118: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: November 28, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2014-5118:

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur...

Ubuntu: USN-3498-1 (CVE-2017-8816): curl vulnerabilities Vulnerability

  • Severity: 4
  • Published: November 28, 2017

The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.

MFSA2017-27 Firefox: Security vulnerabilities fixed in Firefox 57.0.1 (CVE-2017-7843) Vulnerability

  • Severity: 4
  • Published: November 28, 2017

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting.

Debian: CVE-2017-8816: curl -- security update Vulnerability

  • Severity: 4
  • Published: November 28, 2017

The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.

Alpine Linux: CVE-2017-8817: curl Multiple vulnerabilities Vulnerability

  • Severity: 4
  • Published: November 28, 2017

The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.

FreeBSD: VID-A2589511-D6BA-11E7-88DD-00E04C1EA73D: wordpress -- multiple issues Vulnerability

  • Severity: 4
  • Published: November 28, 2017

WordPress developers report:

Use a properly generated hash for the newbloguser key instead of a determinate substring.

Add escaping to the language attributes used on html elements.

Ensure the attributes of enclosures are correctly escaped in RSS and Atom...