Log

CVE-2016-9078 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Same-origin policy bypass
Description
+ Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/
Notes
CVE-2016-9079 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability has been discovered in the SVG Animation component of Firefox, leading to arbitrary code execution.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
Notes
CVE-2016-9080 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9080
Notes
CVE-2016-9113 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ There is a NULL pointer dereference in the imagetobmp function of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization (NULL), which leads to an application crash.
References
+ https://github.com/uclouvain/openjpeg/issues/856
Notes
CVE-2016-9114 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ There is a NULL pointer access in the imagetopnm function of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization (NULL), which leads to an application crash.
References
+ https://github.com/uclouvain/openjpeg/issues/857
Notes
CVE-2016-9115 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A heap buffer over-read has been discovered in the imagetotga function of convert.c(jp2):942 in OpenJPEG 2.1.2. Opening a specially crafted j2k file leads to an application crash.
References
+ https://github.com/uclouvain/openjpeg/issues/858
Notes
CVE-2016-9116 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A NULL pointer access has been discovered in the imagetopnm function of convert.c:2226(jp2) in OpenJPEG 2.1.2. Opening a crafted j2k file leads to an application crash.
References
+ https://github.com/uclouvain/openjpeg/issues/859
Notes
CVE-2016-9117 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A NULL pointer access has been discovered in the imagetopnm function of convert.c(jp2):1289 in OpenJPEG 2.1.2. Opening a crafted j2k file leads to an application crash.
References
+ https://github.com/uclouvain/openjpeg/issues/860
Notes
CVE-2016-9118 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A heap buffer overflow (WRITE of size 4) has been discovered in the pnmtoimage function of convert.c:1719 in OpenJPEG 2.1.2. An attacker could create a malicious file that, when processed, could cause a crash or potentially code execution.
References
+ https://github.com/uclouvain/openjpeg/issues/861
+ https://github.com/uclouvain/openjpeg/commit/c22cbd8bdf8ff2ae372f94391a4be2d322b36b41
Notes
CVE-2016-9131 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
References
+ https://kb.isc.org/article/AA-01439/0
Notes