637 matches found
Unspecified Vulnerability in Oracle Database RDBMS Security Component
Oracle Database is a large database of commercial nature. A security vulnerability exists in the Oracle Database RDBMS Security component that allows an authenticated user to compromise system confidentiality...
Unspecified Arbitrary Code Execution Vulnerability in Oracle Java SE Security Component
Oracle Java SE is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in the Security subcomponent of Oracle Java SE, which can be exploited by a remote attacker to construct a malicious web page that...
MariaDB 10.0.0 < 10.0.20 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.0.20. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.20 advisory. - Oracle MySQL before 5.7.3, Oracle MySQL Connector/C aka libmysqlclient before 6.1.3, and MariaDB before 5.5.44 use the --ssl...
OpenJDK: DER decoder infinite loop (Security, 8059485)
A flaw was found in the way the DER Distinguished Encoding Rules decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...
CVE-2014-8838
The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app...
CVE-2014-8838
CVE-2014-8838 affects macOS OS X prior to 10.10.2, where the Security component mishandles cached app certificate information. This allows a crafted app signed with a revoked Developer ID to bypass Gatekeeper checks, as described in the vulnerability entry and corroborated by vulnerability listin...
OpenJDK: DER decoder infinite loop (Security, 8059485)
A flaw was found in the way the DER Distinguished Encoding Rules decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...
Important: java-1.8.0-openjdk
Issue Overview: Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions...
CVE-2013-5958
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a...
CVE-2013-5958
The vulnerability CVE-2013-5958 affects the Symfony Security component: Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6. A long password can trigger an expensive PBKDF2 hash computation, leading to CPU-based denial of service. Remediation is upgrading ...
CVE-2013-5958
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a...
CVE-2013-5958
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a...
Security feature bypass
Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors...
CVE-2014-3099
Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors...
USN-2360-1 firefox vulnerabilities
Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates...
Critical: java-1.7.0-openjdk
Issue Overview: An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execut...
OpenJDK: null xmlns handling issue (Security, 8025026)
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...
CVE-2013-5878
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...
Design/Logic Flaw
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...
CVE-2013-5878
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...