RSS   Vulnerabilities for 'Linux enterprise'   RSS

2018-07-23
 
CVE-2018-14523

CWE-119
 

 
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.

 
 
CVE-2018-14522

CWE-119
 

 
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.

 
2017-04-12
 
CVE-2016-9959

CWE-787
 

 
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

 
 
CVE-2016-9958

CWE-119
 

 
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

 
 
CVE-2016-9957

CWE-119
 

 
Stack-based buffer overflow in game-music-emu before 0.6.1.

 
2017-02-03
 
CVE-2016-8569

CWE-476
 

 
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

 
 
CVE-2016-8568

CWE-125
 

 
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.

 
2016-12-23
 
CVE-2016-7966

 

 
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.

 
2016-10-10
 
CVE-2016-7099

CWE-19
 

 
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

 
 
CVE-2016-5325

CWE-113
 

 
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.

 


Copyright 2019, cxsecurity.com

 

Back to Top