38 matches found
SUSE CVE-2017-8819
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue...
SUSE CVE-2020-6442
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
SUSE CVE-2021-38009
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
bind: Lame cache can be abused to severely degrade resolver performance
A flaw was found in the way bind processes broken responses from authoritative servers. This caching mechanism could be abused by an attacker to significantly degrade resolver performance...
DEBIAN-CVE-2021-38009
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
USN-5111-1 strongswan vulnerabilities
It was discovered that strongSwan incorrectly handled certain RSASSA-PSS signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. CVE-2021-41990 It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A...
DEBIAN-CVE-2020-15982
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
UBUNTU-CVE-2020-15982
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
UBUNTU-CVE-2020-6442
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Important: Red Hat Security Advisory: qemu-kvm-rhev security update
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 14.0 Rocky. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Multiple TIBCO Product Information Disclosure Vulnerabilities (CNVD-2018-10558)
TIBCO JasperReports Server and so on are the products of the United States TIBCO Software Corporation.TIBCO JasperReports Server is a report generation and editing tools for the server version of the TIBCO JasperReports Server Community Edition is the community version of it. A security...
Mercurial: pathaudit: path traversal via symlink
A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository...
Joomla! sensitive information disclosure vulnerability (CNVD-2017-22325)
Joomla! CMS is a U.S. Open Source Matters team developed a set of open source content management system CMS. The system provides RSS feeds , site search and other functions . A security vulnerability exists in Joomla! CMS versions 1.7.3 through 3.7.2, which is caused by the program failing to...
Apple iOS Webkit Redirect Malicious Domain Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A vulnerability in Apple iOS's handling of resource caches in illegal certificate sites allows attackers to construct malicious WEB pages and trick users into parsing them, which can redirect users to...
OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423...
OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423...
OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423...
OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423...