Lucene search
+L

398 matches found

UbuntuCve
UbuntuCve
added 2017/01/23 12:0 a.m.21 views

CVE-2017-5563

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tiflzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff...

8.8CVSS7.4AI score0.03023EPSS
Exploits0References2
Hacker One
Hacker One
added 2016/10/12 6:48 a.m.38 views

Internet Bug Bounty: memcpy negative size parameter in php_resolve_path

Upstream Bug --- https://bugs.php.net/bug.php?id=73189 Summary -- Multiple PHP functions are vulnerable to negative size parameter in memcpy call through phpresolvepath. Some of the affected functions are: filegetcontents, fileputcontents, file, readfile, getmetatags, gzopen, readgzfile, gzfile,...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2016/08/19 2:58 a.m.38 views

Internet Bug Bounty: imagegammacorrect allows arbitrary write access

Upstream Bug --- 2016-08-02 03:46 UTC https://bugs.php.net/bug.php?id=72730 Summary -- imagegammacorrect accepts two gamma values, if they don't have the same sign then the palette colors will be assigned values bigger than 0xFF, later this values are used to calculate the transparent color using...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/07/28 12:0 a.m.47 views

openSUSE Security Update : python (openSUSE-2016-906)

Python was updated to fix three security issues. The following vulnerabilities were fixed : - CVE-2016-0772: TLS stripping attack on smtplib bsc984751 - CVE-2016-5636: zipimporter heap overflow bsc985177 - CVE-2016-5699: httplib header injection bsc985348 This update also includes all upstream bu...

10CVSS6.9AI score0.26316EPSS
Exploits7References7
Hacker One
Hacker One
added 2016/06/24 4:47 a.m.18 views

Internet Bug Bounty: NULL Pointer Dereference at _gdScaleVert

Upstream bug reports https://bugs.php.net/bug.php?id=72407 Reported to PHP 2016-06-15 Patch: http://git.php.net/?p=php-src.git;a=commit;h=b9ec171e7d25879d97473ca50197c4207420c276 Fixed for PHP 5.5.37 security only mode http://php.net/ChangeLog-5.php5.5.37 Fixed for PHP 5.6.23...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/01/25 12:0 a.m.46 views

openSUSE Security Update : nodejs (openSUSE-2016-46)

This update contains nodejs 4.2.4 and fixes the following issues : - CVE-2015-6764: unspecified out-of-bounds access vulnerability boo956902 - CVE-2015-8027: unspecified denial of service vulnerability boo956901 The following non-security bugs were fixed : - boo948045: Nodejs 4.0 rpm does not...

9.8CVSS7.9AI score0.05356EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2015/01/23 3:59 p.m.28 views

CVE-2014-9640

oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service out-of-bounds read via a crafted raw file...

5CVSS6.1AI score0.03243EPSS
Exploits0References1
Mageia
Mageia
added 2014/11/26 5:29 p.m.63 views

Updated avidemux packages fix security vulnerabilities

A heap-based buffer overflow in the encodeslice function in libavcodec/proresenckostya.c in FFmpeg before 1.2.9 can cause a crash, allowing a malicious image file to cause a denial of service CVE-2014-5271. libavcodec/iff.c in FFmpeg before 1.2.9 allows an attacker to have an unspecified impact v...

7.5CVSS9.4AI score0.04697EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2014/10/12 12:0 a.m.28 views

Amazon Linux AMI : python27 (ALAS-2014-380)

It was reported that Python built-in json module have a flaw insufficient bounds checking, which allows a local user to read current process' arbitrary memory. Quoting the upstream bug report : 'The sole prerequisites of this attack are that the attacker is able to control or influence the two...

5.9CVSS7.3AI score0.08125EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.33 views

openSUSE Security Update : chromium (openSUSE-SU-2013:1861-1)

Chromium was updated to 31.0.1650.57: Stable channel update : - Security Fixes : - CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update : - Security fixes : - CVE-2013-6621: Use after free related to speech input elements.. - CVE-2013-6622: Use...

10CVSS8AI score0.10117EPSS
Exploits5References37
RedHat Linux
RedHat Linux
added 2014/03/31 4:31 p.m.5 views

wireshark: MQ dissector crash (wnpa-sec-2013-58, upstream bug 9079)

The dissectmqrr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service application crash via a crafted packet...

4.3CVSS6.3AI score0.01683EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2013/08/15 12:0 a.m.23 views

Fedora 18 : spice-0.12.4-1.fc18 (2013-14362)

New upstream bug-fix release 0.12.4 - Fixes a client triggerable abort CVE-2013-4130 - Add patches from upstream git to fix sound-channel-free crash rhbz986407 - Stop building spicec, it's obsolete and superseded by remote-viewer part of virt-viewer Note that Tenable Network Security has...

5CVSS5.3AI score0.02629EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/06/18 12:0 a.m.249 views

Fedora 17 : postgresql-9.1.4-1.fc17 (2012-8924)

Upstream bug fix + security updates, including the fixes for CVE-2012-2143, CVE-2012-2655 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

4.3CVSS8.1AI score0.05734EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2011/05/20 12:0 a.m.33 views

RHEL 6 : eclipse (RHSA-2011:0568)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0568 advisory. The Eclipse software development environment provides a set of tools for C/C++ and Java development. A cross-site scripting XSS flaw was found in the...

4.3CVSS5.5AI score0.05219EPSS
Exploits1References28
RedHat Linux
RedHat Linux
added 2011/03/21 5:5 p.m.7 views

Wireshark: memory corruption when reading a malformed pcap file (upstream bug #5652)

Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a malformed file...

6.8CVSS7.4AI score0.07508EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2009/07/22 12:0 a.m.33 views

CVE-2009-2464

The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to loading multip...

10CVSS6.2AI score0.1323EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2008/04/04 12:0 a.m.34 views

Ubuntu 6.06 LTS : mysql-dfsg-5.0 regression (USN-588-2)

USN-588-1 fixed vulnerabilities in MySQL. In fixing CVE-2007-2692 for Ubuntu 6.06, additional improvements were made to make privilege checks more restictive. As a result, an upstream bug was exposed which could cause operations on tables or views in a different database to fail. This update fixe...

7.5CVSS8.6AI score0.91602EPSS
Exploits16References6
Oracle linux
Oracle linux
added 2006/11/30 12:0 a.m.34 views

Moderate squirrelmail security update

1.4.8-2.1 - remove banners 1.4.8-2 - more Japanese filename fixes 195639 1.4.8-1 - 1.4.8 release with CVE-2006-4019 and upstream bug fixes 1.4.7-5 - More JP translation updates 194598 1.4.7-4 - Fix fatal typo in configlocal.php 198306 1.4.7-2 - Move sqspellconfig.php to /etc and mark it...

6.4CVSS3.3AI score0.09798EPSS
Exploits4
Rows per page
Query Builder