Lucene search
K

270 matches found

Cent OS
Cent OS
added 2017/02/13 5:16 p.m.303 views

java security update

CentOS Errata and Security Advisory CESA-2017:0269 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common...

9.6CVSS7.2AI score0.95707EPSS
Exploits13References7
RedHat Linux
RedHat Linux
added 2017/02/13 11:17 a.m.4 views

OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)

It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume...

5.3CVSS7.3AI score0.03533EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2017/02/13 12:0 a.m.80 views

RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2017:0269)

The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:0269 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit...

9.6CVSS7.6AI score0.95707EPSS
Exploits13References26
RedHat Linux
RedHat Linux
added 2017/02/09 12:5 p.m.2 views

OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)

It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume...

5.3CVSS7.3AI score0.03533EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2017/02/09 5:44 a.m.98 views

USN-3194-1: OpenJDK 7 vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...

9.6CVSS7.4AI score0.95707EPSS
Exploits13
Tenable Nessus
Tenable Nessus
added 2017/02/09 12:0 a.m.64 views

Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3194-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3194-1 advisory. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly...

9.6CVSS7.7AI score0.95707EPSS
Exploits13References13
Tenable Nessus
Tenable Nessus
added 2017/01/27 12:0 a.m.150 views

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-791)

It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. CVE-2017-3241 This...

9.6CVSS7.3AI score0.95707EPSS
Exploits13References13
Amazon
Amazon
added 2017/01/26 12:0 a.m.57 views

Critical: java-1.8.0-openjdk

Issue Overview: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

9.6CVSS8.8AI score0.95707EPSS
Exploits13
RedHat Linux
RedHat Linux
added 2017/01/20 11:4 a.m.4 views

OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)

It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume...

5.3CVSS7.3AI score0.03533EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/01/19 1:59 p.m.8 views

OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)

It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume...

5.3CVSS7.3AI score0.03533EPSS
Exploits0References4
myhack58
myhack58
added 2016/09/14 12:0 a.m.49 views

On Python vulnerabilities mining those have to mention the thing-vulnerability warning-the black bar safety net

! Foreword Python because of its in the development of larger, more complex application aspects of the unique convenience, so that it in a computer environment becomes more and more indispensable. Although its obvious speech intelligibility and the use friendliness allows the software engineers a...

0.3AI score
Exploits0
CNVD
CNVD
added 2016/08/21 12:0 a.m.3 views

PHP 'php_snmp_parse_oid()' function integer overflow vulnerability

PHP is an open source general-purpose computer scripting language. An integer overflow vulnerability exists in the PHP 'phpsnmpparseoid' function. An attacker can exploit the vulnerability to execute arbitrary code in the context of an affected application...

7.6AI score
Exploits0References1
OSV
OSV
added 2015/06/12 7:59 p.m.2 views

DEBIAN-CVE-2015-1792

The dofreeupto function in crypto/cms/cmssmime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service infinite loop via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an...

5CVSS9.2AI score0.22476EPSS
Exploits0References1
OSV
OSV
added 2014/11/26 12:0 a.m.4 views

UBUNTU-CVE-2014-9087

Integer underflow in the ksbaoidtostr function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service crash via a crafted OID in a 1 S/MIME message or 2 ECC based OpenPGP data, which triggers a buffer overflow...

7.5CVSS7.6AI score0.05167EPSS
Exploits0References5
OSV
OSV
added 2014/06/10 2:55 p.m.1 views

DEBIAN-CVE-2014-3465

The gnutlsx509dnoidname function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN...

5CVSS6.6AI score0.06783EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2011/05/05 12:0 a.m.23 views

openSUSE Security Update : libsmi (openSUSE-SU-2011:0011-1)

This update fixes a buffer overflow the smiGetNode function in libsmi. It allowed context-dependent attackers to execute arbitrary code via an Object Identifier. CVE-2010-2891: CVSS v2 Base Score: 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P: Buffer Errors CWE-119 %NASLMINLEVEL 70300 C Tenable Network...

7.5CVSS5.9AI score0.14035EPSS
Exploits4References3
OSV
OSV
added 2010/10/28 12:0 a.m.4 views

AZL-7272 CVE-2010-2891 affecting package libsmi for versions less than 0.4.8-27

Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier aka OID represented as a numerical string containing many components separated by . dot characters...

7.5CVSS6.2AI score0.14035EPSS
Exploits4References1
OSV
OSV
added 2010/10/28 12:0 a.m.1 views

DEBIAN-CVE-2010-2891

Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier aka OID represented as a numerical string containing many components separated by . dot characters...

7.5CVSS8.2AI score0.14035EPSS
Exploits4References1
OSV
OSV
added 2010/10/28 12:0 a.m.4 views

CVE-2010-2891

Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier aka OID represented as a numerical string containing many components separated by . dot characters...

7.5CVSS7.4AI score0.14035EPSS
Exploits4References21
UbuntuCve
UbuntuCve
added 2010/10/28 12:0 a.m.49 views

CVE-2010-2891

Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier aka OID represented as a numerical string containing many components separated by . dot characters...

7.5CVSS6.2AI score0.14035EPSS
Exploits4References1
Rows per page
Query Builder