Lucene search

2961 matches found

Amazon
added 2016/03/10 12:0 a.m. | 49 views

Medium: tomcat6

Issue Overview: It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. CVE-2014-7810 It was found that Tomcat would keep connections open after processing...

7.8 CVSS | 7.2 AI score | 0.20318 EPSS
Exploits 0

Amazon
added 2016/03/10 12:0 a.m. | 54 views

Medium: tomcat8

Issue Overview: A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource,...

5.3 CVSS | 7.3 AI score | 0.1838 EPSS
Exploits 0

RedHat Linux
added 2016/03/07 3:22 a.m. | 5 views

chromium-browser: use-after-free in Blink

Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted...

9.3 CVSS | 7.4 AI score | 0.01612 EPSS
Exploits 0 | References 5

OSV
added 2016/03/06 2:59 a.m. | 3 views

CVE-2016-1634

Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted...

8.8 CVSS | 7.3 AI score | 0.01612 EPSS
Exploits 0 | References 12

OSV
added 2016/03/05 12:0 a.m. | 1 views

UBUNTU-CVE-2016-1634

Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted...

8.8 CVSS | 7.2 AI score | 0.01612 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2016/03/04 12:0 a.m. | 256 views

Fedora 22 : glibc-2.21-11.fc22 (2016-0480defc94)

This update addresses a critical security vulnerability in the DNS resolver related to AF_UNSPEC queries with getaddrinfo (CVE-2015-7547). It also includes security fixes for CVE-2015-8777 and CVE-2015-1781. It improves malloc scalability for applications which start and terminate many threads. The...

8.1 CVSS | 7.1 AI score | 0.89557 EPSS
Exploits 18 | References 8

Tenable Nessus
added 2016/03/04 12:0 a.m. | 26 views

Fedora 23 : glibc-2.22-9.fc23 (2016-0f9e9a34ce)

This update addresses a critical security vulnerability in the DNS resolver related to AF_UNSPEC queries with getaddrinfo (CVE-2015-7547). In addition, a bug that causes Hesiod lookups to fail with a crash is fixed. Note that Tenable Network Security has extracted the preceding description block...

8.1 CVSS | 8 AI score | 0.89557 EPSS
Exploits 17 | References 4

OpenVAS
added 2016/03/01 12:0 a.m. | 276 views

openSUSE: Security Advisory for glibc (openSUSE-SU-2016:0490-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 7.5 AI score | 0.89557 EPSS
Exploits 19 | References 1

OpenVAS
added 2016/03/01 12:0 a.m. | 35 views

openSUSE: Security Advisory for glibc (openSUSE-SU-2016:0512-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS | 8.1 AI score | 0.89557 EPSS
Exploits 17 | References 1

BDU FSTEC
added 2016/02/24 12:0 a.m. | 2 views

The vulnerability of the glibc library, which allows a hacker to cause a service failure or execute arbitrary code

The vulnerability of the libresolv component in the glibc library is related to multiple buffer overflows in the send_dg and send_vc functions. Exploiting this vulnerability allows an attacker to cause service failures or execute arbitrary code by sending specially crafted DNS requests that trigger...

9.3 CVSS | 8.5 AI score | 0.89557 EPSS
Exploits 17 | References 9 | Affected Software 3

Tenable Nessus
added 2016/02/23 12:0 a.m. | 1147 views

ESXi 5.5 < Build 3568722 / 6.0 < Build 3568940 glibc DNS Resolver RCE (VMSA-2016-0002) (remote check)

The remote VMware ESXi host is 5.5 prior to build 3568722 or 6.0 prior to build 3568940. It is, therefore, affected by a stack-based buffer overflow condition in the GNU C Library (glibc) DNS client-side resolver due to improper validation of user-supplied input when looking up names via the...

8.1 CVSS | 8.6 AI score | 0.89557 EPSS
Exploits 17 | References 8

OpenVAS
added 2016/02/23 12:0 a.m. | 31 views

F5 BIG-IP - glibc vulnerability CVE-2015-7547

The remote host is missing a security patch. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...

8.1 CVSS | 8.1 AI score | 0.89557 EPSS
Exploits 17 | References 1

Tenable Nessus
added 2016/02/22 12:0 a.m. | 36 views

openSUSE Security Update : glibc (openSUSE-2016-234)

This update for glibc fixes the following security issues: - fix stack overflow in the glibc libresolv DNS resolver function getaddrinfo, known as CVE-2015-7547. It is a client side networked/remote vulnerability. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and...

8.1 CVSS | 8 AI score | 0.89557 EPSS
Exploits 17 | References 2

OPENSUSE Linux
added 2016/02/19 12:11 p.m. | 39 views

Security update for glibc (critical)

This update for glibc fixes the following security issues: fix stack overflow in the glibc libresolv DNS resolver function getaddrinfo, known as CVE-2015-7547. It is a client side networked/remote vulnerability...

6.8 CVSS | 2.4 AI score | 0.89557 EPSS
Exploits 17

OPENSUSE Linux
added 2016/02/19 12:11 p.m. | 42 views

Security update for glibc (critical)

This update for glibc fixes the following security issues: fix stack overflow in the glibc libresolv DNS resolver function getaddrinfo, known as CVE-2015-7547. It is a client side networked/remote vulnerability...

6.8 CVSS | 2.4 AI score | 0.89557 EPSS
Exploits 17

Symantec
added 2016/02/19 8:0 a.m. | 56 views

SA114 : GNU C Library (glibc) Remote Code Execution February 2016

SUMMARY Blue Coat products using an affected version of the GNU C Library (glibc) are susceptible to a remote execution attack. A remote attacker can send a crafted DNS response to the glibc DNS resolver and cause the resolver to crash or execute arbitrary code. AFFECTED PRODUCTS The following...

6.8 CVSS | 2.2 AI score | 0.89557 EPSS
Exploits 17 | Affected Software 13

OSV
added 2016/02/17 7:6 p.m. | 7 views

MGASA-2016-0065 Updated nginx packages fix security vulnerabilities

Updated nginx package fixes security vulnerabilities: Several vulnerabilities were discovered in the resolver in nginx, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file CVE-2016-0742,...

9.8 CVSS | 8.1 AI score | 0.81958 EPSS
Exploits 0 | References 4

Mageia
added 2016/02/17 7:6 p.m. | 81 views

Updated nginx packages fix security vulnerabilities

Updated nginx package fixes security vulnerabilities: Several vulnerabilities were discovered in the resolver in nginx, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file CVE-2016-0742,...

9.8 CVSS | 3.2 AI score | 0.81958 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2016/02/17 12:0 a.m. | 67 views

Debian DSA-3481-1 : glibc - security update

Several vulnerabilities have been fixed in the GNU C Library, glibc. The first vulnerability listed below is considered to have critical impact. - CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC querie...

9.8 CVSS | 8.7 AI score | 0.89557 EPSS
Exploits 17 | References 14

seebug.org
added 2016/02/17 12:0 a.m. | 244 views

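glibc getaddrinfo stack buffer overflow vulnerability (CVE-2015-7547)

Vulnerability summary: Glibc is the C runtime library of the libc released by GNU. Glibc is the lowest-level API in Linux systems, and almost every other runtime library depends on it. Besides wrapping the system services provided by the Linux operating system, Glibc also provides implementations of other necessary services. Because Glibc covers almost all common UNIX standards, it can be regarded as a key supporting library of the operating system. Glibc's DNS...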

6.8 CVSS | 8.3 AI score | 0.89557 EPSS
Exploits 17