Vulnerability & Exploit Database

Displaying vulnerability details 41 - 50 of 73580 in total

FreeBSD: gitlab -- privilege escalation via "impersonate" feature (CVE-2016-4340) Vulnerability

  • Severity: 4
  • Published: May 01, 2016

GitLab reports: During an internal code review, we discovered a critical security flaw in the "impersonate" feature of GitLab. Added in GitLab 8.2, this feature was intended to allow an administrator to simulate being logged in as any other user. A part of this feature was not properly secured and it was p...

Debian: DSA-3565 (CVE-2015-5726): botan1.10 -- security update Vulnerability

  • Severity: 4
  • Published: May 01, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-3565:

Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic ...

Debian: DSA-3564 (CVE-2016-1665): chromium-browser -- security update Vulnerability

  • Severity: 4
  • Published: May 01, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-3564:

Several vulnerabilities have been discovered in the chromium web browser.

Ubuntu: USN-2957-2 (Multiple Advisories) (CVE-2016-4008): Libtasn1 vulnerability Vulnerability

  • Severity: 4
  • Published: May 01, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-2957-1:

Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly ...

Debian: DSA-3564 (CVE-2016-1663): chromium-browser -- security update Vulnerability

  • Severity: 4
  • Published: May 01, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-3564:

Several vulnerabilities have been discovered in the chromium web browser.

SUSE: CVE-2016-3137: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: May 01, 2016

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.

Ubuntu: USN-2936-2: Oxygen-GTK3 update Vulnerability

  • Severity: 4
  • Published: May 01, 2016

USN-2936-1 fixed vulnerabilities in Firefox. The update caused Firefox to crash on startup with the Oxygen GTK theme due to a pre-existing bug in the Oxygen-GTK3 theme engine. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Christian Holler, Tyson Smith, Phil ...

Debian: DSA-3565 (CVE-2016-2195): botan1.10 -- security update Vulnerability

  • Severity: 4
  • Published: May 01, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-3565:

Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic ...

Debian: DSA-3565 (CVE-2015-7827): botan1.10 -- security update Vulnerability

  • Severity: 4
  • Published: May 01, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-3565:

Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic ...

SUSE: CVE-2016-2185: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: May 01, 2016

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.