nodejs-trim-newlines: ReDoS in .end() method

A flaw was found in nodejs-trim-newlines. Node.js has an issue related to regular expression denial-of-service ReDoS for the .end method...

Vim 代码问题漏洞

Vim is an editor for UNIX-based platforms. A code issue vulnerability exists in Vim that stems from a NULL pointer dereference in Vim...

vim 安全漏洞

Vim is an editor for UNIX-based platforms. A security vulnerability exists in vim that stems from a heap-based buffer overflow in vim prior to 8.2...

RUSTSEC-2020-0071 Potential segfault in the time crate

Impact The affected functions set environment variables without synchronization. On Unix-like operating systems, this can crash in multithreaded programs. Programs may segfault due to dereferencing a dangling pointer if an environment variable is read in a different thread than the affected...

SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c

SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMAADPCMdecode in audio/SDLwave.c...

Security Bulletin: IBM Integration Bus and WebSphere Message Broker, upon installation, set incorrect permissions for an object on unix platforms ( CVE-2016-0394 )

Summary IBM Integration Bus and WebSphere Message Broker, upon installation, set incorrect permissions for an object on unix platforms, which exposes it to an unintended actor. Vulnerability Details CVEID: CVE-2016-0394 DESCRIPTION: IBM Integration Bus and WebSphere Message broker set incorrect...

libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398...

flash-plugin: Information Disclosure vulnerabilities (APSB18-08)

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...

chromium-browser: url spoofing in omnibox

An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

CVE-2017-6516

A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This...

flash-plugin: multiple code execution issues fixed in APSB15-32

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...

Updated dbus packages fixes security vulnerability

Updated dbus packages provides security hardening and fixes some bugs Security hardening: On Unix platforms, change the default configuration for the session bus to only allow EXTERNAL authentication secure kernel-mediated credentials-passing, as was already done for the system bus. This avoids...

MGASA-2015-0405 Updated dbus packages fixes security vulnerability

Updated dbus packages provides security hardening and fixes some bugs Security hardening: On Unix platforms, change the default configuration for the session bus to only allow EXTERNAL authentication secure kernel-mediated credentials-passing, as was already done for the system bus. This avoids...

flash-plugin: multiple code execution flaws (APSB15-19)

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vector...

flash-plugin: two code execution issues in APSA15-04 / APSB15-18

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome...

The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2 .0b1 Arbitrary File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/1026/info ht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by the opening singlw quote character is taken as a...

JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than...

[SECURITY] Fedora 20 Update: xulrunner-24.0-2.fc20

XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XP COM applications that are as rich as Firefox and Thunderbird. It provides mecha nisms for installing, upgrading, and uninstalling these applications. XULRunner a lso provides libxul, a solution which allows the embedding ...

flash-plugin: multiple code execution flaws (APSB13-14)

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before...

bind: libdns regular expressions excessive resource consumption DoS

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service memory consumption via a crafted regular expression, as demonstrated by a memory-exhaustion attack again...