CVE-2017-8246

This is an entry in the Common Vulnerability Index under number CVE-2017-8246. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-8246

Description: In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream-runtime-private_data. Later, prtd is freed. However,

Continue Reading …

CVE-2005-0447

This is an entry in the Common Vulnerability Index under number CVE-2005-0447. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2005-0447

Description: Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.Continue Reading …

CVE-2018-2696

This is an entry in the Common Vulnerability Index under number CVE-2018-2696. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2018-2696

Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior.

Continue Reading …

CVE-2018-6623

This is an entry in the Common Vulnerability Index under number CVE-2018-6623. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2018-6623

Description: An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started.

Continue Reading …

CVE-2008-4161

This is an entry in the Common Vulnerability Index under number CVE-2008-4161. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2008-4161

Description: SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action.

Continue Reading …

CVE-2015-0993

This is an entry in the Common Vulnerability Index under number CVE-2015-0993. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2015-0993

Description: Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

Continue Reading …

CVE-2016-0734

This is an entry in the Common Vulnerability Index under number CVE-2016-0734. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2016-0734

Description: The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.

Continue Reading …

CVE-2009-3858

This is an entry in the Common Vulnerability Index under number CVE-2009-3858. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2009-3858

Description: Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags.

Continue Reading …

CVE-2005-2269

This is an entry in the Common Vulnerability Index under number CVE-2005-2269. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2005-2269

Description: Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces,

Continue Reading …

CVE-2010-5284

This is an entry in the Common Vulnerability Index under number CVE-2010-5284. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2010-5284

Description: Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php,

Continue Reading …