155 matches found
Apache Tomcat 8.5.x < 8.5.15 Remote Error Page Manipulation
Binary data 700690.pasl...
CVE-2018-16789
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down...
Apache Tomcat 8.5.x < 8.5.15 Remote Error Page Manipulation
According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x prior to 7.0.78 or 8.5.x prior to 8.5.15. It is, therefore, affected by an implementation flaw in the error page reporting mechanism in which it does not conform to the Java Servlet...
Apache Tomcat 7.0.x < 7.0.78 Remote Error Page Manipulation
According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x prior to 7.0.78 or 8.5.x prior to 8.5.15. It is, therefore, affected by an implementation flaw in the error page reporting mechanism in which it does not conform to the Java Servlet...
DEBIAN-CVE-2017-17806
The HMAC implementation crypto/hmac.c in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AFALG-based hash interface CONFIGCRYPTOUSERAPIHASH and the SHA-3 hash algorithm CONFIGCRYPTOSHA3 to caus...
US-CERT Warns of ASLR Implementation Flaw In Windows
The U.S. Computer Emergency Readiness Team is warning of a vulnerability in Microsoft’s implementation of Address Space Layout Randomization that affects Windows 8, Windows 8.1 and Windows 10. The vulnerability could allow a remote attacker to take control of an affected system. Microsoft said it...
Design/Logic Flaw
An error in the implementation of an autosubscribe feature in the checkstreamexists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affec...
Null Pointer Dereference
OpenSSL is vulnerable to denial of service DoS attacks. These attacks are possible because the PKCS7 implementation doesn't correctly handle a lack of outer ContentInfo. This flaw allows attackers to cause null pointer dereferences and applications crashes through malformed data with ASN.1 encodi...
Design/Logic Flaw
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544...
DLA-650-1 mat - security update
Bulletin has no description...
Design/Logic Flaw
The Local Packet Transport Services LPTS implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service resource...
[SECURITY] [DSA 3296-1] libcrypto++ security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3296-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 29, 2015 https://www.debian.org/security/faq -...
Design/Logic Flaw
The BNsqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to...
Design/Logic Flaw
The IKEv2 implementation in Cisco ASA Software 8.4 before 8.47.15, 8.6 before 8.61.14, 9.0 before 9.04.8, and 9.1 before 9.15.1 allows remote attackers to cause a denial of service device reload via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401...
PGP 5.x/6.x/7.0 ASCII Armor Parser Arbitrary File Creation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2556/info ASCII Armor is a text based encoding format used by PGP Pretty Good Privacy. While it is possible to encode any file using ASCII Armor, it is used by PGP to encode signature files and public keys to facilitate...
OpenText FirstClass Client 11.005 - Code Execution
No description provided by source. Exploit Title: OpenText FirstClass Client Delayed Code Executiion Date: Discovered 11/16/2010, Contacted OpenText 2/1/11 and 2/7/11, Released 4/11/2011 Author: Kyle Ossinger www.k0ss.net Email: [email protected] Software Link:...
Design/Logic Flaw
The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warnin...
OpenSSL -- Local Information Disclosure
OpenSSL reports: A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information. A local attacker might be able to snoop a signing process and might recover the signing key from it...
SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 8974)
The OpenJDK Java Plugin IcedTea Web was released to fix a temporary file access problem. Changes : - Dialogs center on screen before becoming visible. - Support for u45 new manifest attributes Application-Name. - Custom applet permission policies panel in itweb-settings control panel. - Plugin...
Apple's SSL Vulnerability might allow NSA to hack iOS Devices Remotely
Just two days before Apple has disclosed a critical Security flaw in the SSL implementation on the iOS software that would allow man-in-the-middle attacks to intercept the SSL data by spoofing SSL servers. Dubbed as CVE-2014-1266, the so-called ‘goto fail;’ vulnerability in which the secure...