143 matches found
CVE-2015-3357
Cross-site scripting XSS vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log messa...
Cross site scripting
Cross-site scripting XSS vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log messa...
Cross site scripting
Cross-site scripting XSS vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message...
CVE-2015-3364
Cross-site scripting XSS vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message...
Ubuntu 14.04 LTS : OpenStack Cinder vulnerabilities (USN-2405-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2405-1 advisory. Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS of Smbfs drivers. A remote authenticated...
Ubuntu 14.04 LTS : OpenStack Nova vulnerabilities (USN-2407-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2407-1 advisory. Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMWare driver. A remove authenticated...
USN-2407-1: OpenStack Nova vulnerabilities
Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMWare driver. A remove authenticated user could exploit this to bypass intended quota limits. By default, Ubuntu does not use the VMWare driver. CVE-2014-3608 Amrith Kumar discovere...
Medium: rsyslog
Issue Overview: A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon. CVE-2014-3634 Affected Packages: rsyslog Issue...
Scientific Linux Security Update : rsyslog5 and rsyslog on SL5.x, SL6.x i386/x86_64 (20141020)
A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon. CVE-2014-3634 After installing the update, the rsyslog service...
RedHat Update for rsyslog5 and rsyslog RHSA-2014:1671-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: rsyslog security update
Updated rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fr...
rsyslog security update
CentOS Errata and Security Advisory CESA-2014:1397 Updated rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, whic...
openSUSE Security Update : pidgin-otr (openSUSE-SU-2012:0717-1)
pidgin-otr was prone to a format string flaw in logmessagecb %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-314. The text description of this plugin is C SUSE LLC...
pacemaker security, bug fix, and enhancement update
1.1.10-14 - Log: crmd: Supply arguments in the correct order Resolves: rhbz996850 - Fix: Invalid formatting of log message causes crash Resolves: rhbz996850 1.1.10-13 - Fix: cman: Start clvmd and friends from the init script if enabled 1.1.10-12 - Fix: Consistently use 'Slave' as the role for...
CVE-2013-4389
Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
CVE-2013-4389
Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
CVE-2013-4389 rubygem-actionmailer: email address processing DoS
Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
CVE-2013-4147
Multiple format string vulnerabilities in Yet Another Radius Daemon YARD RADIUS 1.1.2 allow context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via format string specifiers in a request in the 1 logmsg function in log.c or 2 version or 3 buildversion...
bind: named crash with an assertion failure on parsing malformed rdata
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query with...
MGASA-2013-0237 Updated bind package fixes security vulnerability
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service daemon crash via a query with a malformed RDATA section...