246 matches found
OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Utility. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
RLSA-2021:3891 Important: java-11-openjdk security update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: Loop in HttpsServer triggered during TLS session close JSSE, 8254967 CVE-2021-35565 OpenJDK: Incorrect principal selection when using Kerberos...
Security update for apache-commons-compress (important)
openSUSE Security Update: Security update for apache-commons-compress Announcement ID: openSUSE-SU-2021:1115-1 Rating: important References: 1188463 1188464 1188465 1188466 Cross-References: CVE-2021-35515 CVE-2021-35516 CVE-2021-35517 CVE-2021-36090 CVSS scores: CVE-2021-35515 NVD : 7.5...
Oracle Linux 8 : systemd (ELSA-2021-2717)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2717 advisory. 239-45.0.2 - Disable unprivileged BPF by default Orabug: 32870980 - backport upstream pstore tmpfiles patch Orabug: 31420486 - udev rules: fix memory hot add an...
Ubuntu 18.04 LTS / 20.04 LTS : libwebp vulnerabilities (USN-4971-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4971-1 advisory. It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a...
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
...
SUSE: Security Advisory (SUSE-SU-2018:3465-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : jenkins -- multiple vulnerabilities (d6f76976-e86d-4f9a-9362-76c849b10db2)
Jenkins Security Advisory : DescriptionMedium SECURITY-1452 / CVE-2021-21602 Arbitrary file read vulnerability in workspace browsers High SECURITY-1889 / CVE-2021-21603 XSS vulnerability in notification bar High SECURITY-1923 / CVE-2021-21604 Improper handling of REST API XML deserialization erro...
JFrog Artifactory < 7.10.5 Multiple Vulnerabilities
According to its self-reported version number, the version of JFrog Artifactory installed on the remote machine is prior to 7.10.5. It is, therefore, affected by multiple vulnerabilities: - CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to...
Denial Of Service (DoS)
binutils is vulnerable to denial of service DoS. The vulnerability exists through an excessive memory allocation in bfdelfslurpversiontables in elf.c...
MGASA-2020-0364 Updated python-rsa packages fix security vulnerability
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.
...
cryptacular: excessive memory allocation during a decode operation
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
Denial of Service in Cryptacular
CiphertextHeader.java in Cryptacular before 1.2.4, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1548)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for OpenEXR (EulerOS-SA-2020-1416)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2020-1190)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...