3044 matches found
Amazon Linux AMI : ruby19 / ruby20,ruby21,ruby22 (ALAS-2016-632)
DL::dlopen could open a library with tainted library name even if $SAFE 0. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2016-632. include"compat.inc"; if description scriptid87966;...
Critical: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.1.2 Hotfix 11 update
An update for Red Hat JBoss Operations Network 3.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
UBUNTU-CVE-2015-9542
addpassword in pamradiusauth.c in pamradius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy. An attacker could send a crafted password to an application loading the pamradius library and crash it. Arbitrary code...
UBUNTU-CVE-2015-8683
The putcontig8bitCIELab function in tifgetimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service out-of-bounds read via a packed TIFF image...
libxml2 Denial of Service Vulnerability (CNVD-2015-08400)
libxml2 is an XML parser and markup toolset. A denial of service vulnerability exists in versions of libxml2 prior to 2.9.3. An attacker is able to cause a denial of service via unspecified vectors regarding incorrect entity boundaries and start tags...
The vulnerability of the FFmpeg multimedia library, which allows a hacker to trigger a service failure
The vulnerability of the inittile function in the libavcodec/jpeg2000dec.c file of the FFmpeg multimedia library exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to cause service failure using specially crafted JPEG 2000 data...
libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
It was discovered that the pnggetPLTE and pngsetPLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer...
AZL-45078 CVE-2015-8126 affecting package fltk for versions less than 1.3.8-1
Multiple buffer overflows in the 1 pngsetPLTE and 2 pnggetPLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service application crash or possibly have...
USN-2790-1 nspr vulnerability
Ryan Sleevi discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code...
OpenJDK: HttpURLConnection header restriction bypass (Libraries, 8130193)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries...
OpenJDK: HttpURLConnection header restriction bypass (Libraries, 8130193)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries...
OpenJDK: java.nio Buffers integer overflow issues (Libraries, 8130891)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...
UBUNTU-CVE-2015-4806
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries...
UBUNTU-CVE-2015-5262
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...
UBUNTU-CVE-2014-9651
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index-ci procedures."...
Vulnerabilities of iOS and Mac OS X operating systems, allowing attackers to execute arbitrary code or cause system failures
The vulnerability of the TRE library in Libc-based iOS and Mac OS X operating systems arises due to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause system failures remotely...
firefox: multiple issues
CVE-2015-4473 Memory safety bugs fixed in Firefox ESR 38.2 and Firefox 40: Gary Kwong, Christian Holler, and Byron Campen reported memory safety problems and crashes that affect Firefox ESR 38.1 and Firefox 39. - CVE-2015-4474 Memory safety bugs fixed in Firefox 40: Tyson Smith, Bobby Holley,...
OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732...
UBUNTU-CVE-2015-3146
The 1 SSHMSGNEWKEYS and 2 SSHMSGKEXDHREPLY packet handlers in packagecb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted SSH packet...
UBUNTU-CVE-2015-3451
The clone function in XML::LibXML before 2.0119 does not properly set the expandentities option, which allows remote attackers to conduct XML external entity XXE attacks via crafted XML data to the 1 new or 2 loadxml function...