Summary
Detail | |||
---|---|---|---|
Vendor | Oracle | First view | 2015-05-27 |
Product | Linux | Last view | 2016-09-28 |
Version | 5.0 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:oracle:linux |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2016-09-28 | CVE-2016-2776 | buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. |
5.5 | 2016-08-04 | CVE-2016-5265 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory. |
8.8 | 2016-08-04 | CVE-2016-5264 | Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application. |
8.8 | 2016-08-04 | CVE-2016-5263 | The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion." |
6.1 | 2016-08-04 | CVE-2016-5262 | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. |
8.8 | 2016-08-04 | CVE-2016-5259 | Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop. |
8.8 | 2016-08-04 | CVE-2016-5258 | Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session. |
9.8 | 2016-08-04 | CVE-2016-5254 | Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items. |
8.8 | 2016-08-04 | CVE-2016-5252 | Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations. |
6.3 | 2016-08-04 | CVE-2016-2837 | Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass. |
9.6 | 2016-07-21 | CVE-2016-3610 | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598. |
9.6 | 2016-07-21 | CVE-2016-3598 | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610. |
4.3 | 2016-07-21 | CVE-2016-3550 | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot. |
5.3 | 2016-07-21 | CVE-2016-3508 | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500. |
5.3 | 2016-07-21 | CVE-2016-3500 | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. |
4.3 | 2016-07-21 | CVE-2016-3458 | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA. |
8.1 | 2016-07-18 | CVE-2016-5387 | The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. |
5.5 | 2016-06-27 | CVE-2016-4470 | The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. |
5.9 | 2016-04-21 | CVE-2016-0695 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. |
8.8 | 2016-03-13 | CVE-2016-2802 | The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
8.8 | 2016-03-13 | CVE-2016-2801 | The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. |
8.8 | 2016-03-13 | CVE-2016-2800 | The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. |
8.8 | 2016-03-13 | CVE-2016-2799 | Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. |
8.8 | 2016-03-13 | CVE-2016-2798 | The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. |
8.8 | 2016-03-13 | CVE-2016-2797 | The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
54% (20) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
10% (4) | CWE-416 | Use After Free |
5% (2) | CWE-254 | Security Features |
5% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
5% (2) | CWE-20 | Improper Input Validation |
5% (2) | CWE-19 | Data Handling |
2% (1) | CWE-704 | Incorrect Type Conversion or Cast |
2% (1) | CWE-284 | Access Control (Authorization) Issues |
2% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
2% (1) | CWE-200 | Information Exposure |
2% (1) | CWE-17 | Code |
Snort® IPS/IDS
Date | Description |
---|---|
2018-06-21 | Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt RuleID : 46781 - Type : BROWSER-FIREFOX - Revision : 2 |
2018-06-21 | Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt RuleID : 46767 - Type : BROWSER-FIREFOX - Revision : 4 |
2018-06-21 | Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt RuleID : 46766 - Type : BROWSER-FIREFOX - Revision : 2 |
2018-06-21 | Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt RuleID : 46765 - Type : BROWSER-FIREFOX - Revision : 2 |
2017-01-12 | Nitro Pro PDF Reader out of bounds write attempt RuleID : 41197 - Type : FILE-PDF - Revision : 5 |
2017-01-12 | Nitro Pro PDF Reader out of bounds write attempt RuleID : 41196 - Type : FILE-PDF - Revision : 5 |
2016-11-08 | Mozilla Firefox CSP report-uri arbitrary file write attempt RuleID : 40363 - Type : BROWSER-FIREFOX - Revision : 2 |
2016-11-08 | ISC BIND isc__buffer_add assertion failure denial of service attempt RuleID : 40344 - Type : PROTOCOL-DNS - Revision : 2 |
2016-07-28 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 2 |
2016-08-31 | HttpOxy CGI application vulnerability potential man-in-the-middle attempt RuleID : 39737 - Type : SERVER-WEBAPP - Revision : 2 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0021.nasl - Type: ACT_GATHER_INFO |
2017-11-03 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2017-004.nasl - Type: ACT_GATHER_INFO |
2017-10-03 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_13.nasl - Type: ACT_GATHER_INFO |
2017-08-03 | Name: The remote AIX host has a version of bind installed that is affected by a den... File: aix_bind_advisory10.nasl - Type: ACT_GATHER_INFO |
2017-08-03 | Name: The remote AIX host has a version of bind installed that is affected by multi... File: aix_bind_advisory13.nasl - Type: ACT_GATHER_INFO |
2017-07-20 | Name: An enterprise management application installed on the remote host is affected... File: oracle_enterprise_manager_jul_2017_cpu.nasl - Type: ACT_GATHER_INFO |
2017-06-26 | Name: The Tenable SecurityCenter application on the remote host contains a web serv... File: securitycenter_apache_2_4_25.nasl - Type: ACT_GATHER_INFO |
2017-05-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-1216.nasl - Type: ACT_GATHER_INFO |
2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1002.nasl - Type: ACT_GATHER_INFO |
2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1015.nasl - Type: ACT_GATHER_INFO |
2017-05-01 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2016-1030.nasl - Type: ACT_GATHER_INFO |
2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1032.nasl - Type: ACT_GATHER_INFO |
2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1043.nasl - Type: ACT_GATHER_INFO |
2017-04-21 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2017-0066.nasl - Type: ACT_GATHER_INFO |
2017-04-03 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2017-0057.nasl - Type: ACT_GATHER_INFO |
2017-03-31 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_12_4.nasl - Type: ACT_GATHER_INFO |
2017-03-14 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: securitycenter_5_4_3_tns_2017_04.nasl - Type: ACT_GATHER_INFO |
2017-02-27 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1052.nasl - Type: ACT_GATHER_INFO |
2017-02-16 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-0471-1.nasl - Type: ACT_GATHER_INFO |
2017-01-31 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-0333-1.nasl - Type: ACT_GATHER_INFO |
2017-01-25 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-63.nasl - Type: ACT_GATHER_INFO |
2017-01-20 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-43.nasl - Type: ACT_GATHER_INFO |
2017-01-16 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-36.nasl - Type: ACT_GATHER_INFO |
2017-01-12 | Name: The remote web server is affected by multiple vulnerabilities. File: apache_2_2_32.nasl - Type: ACT_GATHER_INFO |
2017-01-12 | Name: The remote web server is affected by multiple vulnerabilities. File: apache_2_4_25.nasl - Type: ACT_GATHER_INFO |