查看最近更新的漏洞列表 [OSVDB] (608)

OSVDB/97019(发布:2013-09-10 00:41:06)NMCOS
CVSS9.3

Multiple Code Aurora Forum products contain a flaw in the CONFIG_STRICT_MEMORY_RWX feature. The issue is due to the program setting insecure permission for the aforementioned feature. This may allow a remote attacker to manipulate memory objects and more easily execute arbitrary code or crash the program.

OSVDB/96924(发布:2013-09-06 18:29:44)NMCOS
CVSS7.8

Gemini JPEG encoder, Mercury JPEG decoder, and Jpeg1.0 common encoder/decoder contain an unspecified integer overflow condition during the handling of hardware command IOCTL calls that may allow a local attacker to cause a denial of service or potentially execute of arbitrary code.

OSVDB/96923(发布:2013-09-06 18:26:49)NMCOS
CVSS7.8

Gemini JPEG encoder, Mercury JPEG decoder, and Jpeg1.0 common encoder/decoder contain an unspecified flaw related to incorrectly treating the number of hardware commands as signed. No further details have been provided.

OSVDB/102965(发布:2014-02-07 13:10:08)NMCOS
CVSS4.3

Opera contains a flaw in the intent: protocol that is due to the program failing to restrict access to the contents of local data files. This may allow a local attacker to gain access to potentially sensitive information.

OSVDB/102870(发布:2014-02-11 00:27:33)NMCOPS
CVSS5.0

Mozilla Firefox contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request for the system log, which discloses the software's profile path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

OSVDB/102456(发布:2014-01-25 02:48:05)NMCOS
CVSS4.3

Simple Zip Viewer (SimZip) for Android contains a flaw that allows traversing outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') supplied via specially crafted filename. With a specially crafted request, a context-dependent attacker can manipulate arbitrary files.

12345678下一页尾页 第1页 / 共102页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站