41 matches found
SUSE CVE-2017-16239
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters for example, the ImagePropertiesFilter or the IsolatedHostsFilter. All setups using Nova Filter...
httpd: Unexpected URL matching with 'MergeSlashes OFF'
A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity...
httpd: Unexpected URL matching with 'MergeSlashes OFF'
A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity...
USN-4754-2 python2.7 regression
USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled certain...
binutils:fuzz_readelf: Heap-buffer-overflow in read_leb128
Detailed Report: https://oss-fuzz.com/testcase?key=6294642243665920 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzzreadelf Job Type: libfuzzerasanbinutils Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x6210000064fc Crash State: readleb128...
dlplibs:key6fuzzer: Segv on unknown address in std::__1::deque<std::__1::deque<boost::variant<libetonyek::MoveTo, libetonyek::L
Detailed Report: https://oss-fuzz.com/testcase?key=5068676089511936 Project: dlplibs Fuzzing Engine: afl Fuzz Target: key6fuzzer Job Type: aflasandlplibs Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State: std::1::dequestd::1::dequeboost::variantlibetonyek::MoveTo,...
binutils:fuzz_readelf: Stack-buffer-overflow in print_dynamic_symbol
Detailed Report: https://oss-fuzz.com/testcase?key=5953247323095040 Project: binutils Fuzzing Engine: honggfuzz Fuzz Target: fuzzreadelf Job Type: honggfuzzasanbinutils Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash Address: 0x7f67ff9a3340 Crash State: printdynamicsymbol...
poppler:pdf_fuzzer: Use-of-uninitialized-value in Splash::pipeRunSimpleXBGR8
Detailed Report: https://oss-fuzz.com/testcase?key=5659855921872896 Project: poppler Fuzzing Engine: libFuzzer Fuzz Target: pdffuzzer Job Type: libfuzzermsanpoppler Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: Splash::pipeRunSimpleXBGR8 Splash::blitImage...
oniguruma:fuzzer: Index-out-of-bounds in parse_exp
Project: https://github.com/kkos/oniguruma.git Detailed Report: https://oss-fuzz.com/testcase?key=5203948213633024 Project: oniguruma Fuzzing Engine: libFuzzer Fuzz Target: fuzzer Job Type: libfuzzerubsanoniguruma Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash State:...
envoy:symbol_table_fuzz_test: Stack-buffer-overflow in Envoy::Stats::Fuzz::EnvoyTestOneInput
Project: https://github.com/envoyproxy/envoy.git Detailed Report: https://oss-fuzz.com/testcase?key=5645970620809216 Project: envoy Fuzzing Engine: libFuzzer Fuzz Target: symboltablefuzztest Job Type: libfuzzerasanenvoy Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address:...
binutils:fuzz_bfd: Heap-buffer-overflow in xcoff64_slurp_armap
Detailed Report: https://oss-fuzz.com/testcase?key=5127251264012288 Project: binutils Fuzzing Engine: afl Fuzz Target: fuzzbfd Job Type: aflasanbinutils Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 8 Crash Address: 0x6210002f7ce0 Crash State: xcoff64slurparmap xcoff64archivep...
binutils:fuzz_disassemble: Global-buffer-overflow in exg_sex_discrim
Detailed Report: https://oss-fuzz.com/testcase?key=5752218594050048 Project: binutils Fuzzing Engine: afl Fuzz Target: fuzzdisassemble Job Type: aflasanbinutils Platform Id: linux Crash Type: Global-buffer-overflow READ 4 Crash Address: 0x000001977e78 Crash State: exgsexdiscrim decodeoperation...
kernel: error in exception handling leads to DoS (CVE-2018-8897 regression)
A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch...
chakra: Crash in libgcc_s.so.1
Project: https://github.com/Microsoft/ChakraCore.git Detailed report: https://oss-fuzz.com/testcase?key=5713014413066240 Project: chakra Fuzzer: jsfuzzer Job Type: asanchakra Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7f863863e000 Crash State: libgccs.so.1...
glusterfs: auth.allow allows unauthenticated clients to mount gluster volumes (CVE-2018-1088 regression)
It was found that fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster client could mount gluster storage volumes...
SUSE-SU-2017:0453-1 Security update for tiff
This update for tiff fixes the following issues: - A crafted TIFF image could cause a crash and potential code execution when processed by the 'tiffcp' utility CVE-2017-5225, bsc1019611. Also a regression from the version update to 4.0.7 was fixed in handling TIFFTAGFAXRECVPARAMS. bsc1022103...
CentOS Update for nspr CESA-2013:1791 centos5
Check for the Version of nspr OpenVAS Vulnerability Test CentOS Update for nspr CESA-2013:1791 centos5 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
CentOS Update for libtiff CESA-2011:0392 centos5 x86_64
Check for the Version of libtiff OpenVAS Vulnerability Test CentOS Update for libtiff CESA-2011:0392 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
RedHat Update for libtiff RHSA-2011:0392-01
Check for the Version of libtiff OpenVAS Vulnerability Test RedHat Update for libtiff RHSA-2011:0392-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
REGRESSION: have problem to run JNLP app and applets with signed Jar files (6870531)
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP 1 application or 2 applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531...