21 matches found
EUVD-2015-7804
Malware in sbrugna...
EUVD-2019-6390
Malware in sbrugna...
EUVD-2018-13634
Malware in sbrugna...
EUVD-2009-3846
Malware in sbrugna...
EUVD-2006-6824
Malware in sbrugna...
EUVD-2015-0838
Malware in sbrugna...
EUVD-2015-7291
Malware in sbrugna...
Security Bulletin: IBM Copy Services Manager is vulnerable to remote attack vulnerabilities due to IBM WebSphere Application Server Liberty multiple vulnerabilities.
Summary IBM Copy Services Manager is vulnerable to the listed attack vectors in the bundled depencency IBM Websphere Application Server Liberty. IBM Websphere Application Server Liberty is used by IBM Copy Services Manager to serve application content. The following vulnerabilities have been...
Security Bulletin: IBM Engineering Lifecycle Management products are vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)
Summary There are Remote Attack Vulnerabilities in Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-44832 which is used by the IBM Engineering Lifecycle Management products for logging . The fix includes upgrade to Apache log4j v2.17.1. Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION:...
U.S. Dept Of Defense: HTTP Request Smuggling
hello dear support I have found HTTP Request Smuggling on www.████████ Issue description ============== HTTP request smuggling vulnerabilities arise when websites route HTTP requests through webservers with inconsistent HTTP parsing. By supplying a request that gets interpreted as being different...
nspr, nss security update
CentOS Errata and Security Advisory CESA-2020:4076 An update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, whi...
CVE-2017-5943
Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery CSRF verification tokens via a crafted URL...
SUSE-SU-2016:2872-1 Security update for bash
This update for bash fixes the following issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables bsc1001299 - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the...
OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...
openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
New icedtea update to fix : - ICCProfile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 -...
Authentication flaw
The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...
CVE-2009-3875
The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...
CVE-2007-3472
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact...
CVE-2002-0386
The administration module for Oracle Web Cache in Oracle9iAS 9i Application Suite 9.0.2 allows remote attackers to cause a denial of service crash via 1 an HTTP GET request containing a ".." dot dot sequence, or 2 a malformed HTTP GET request with a chunked Transfer-Encoding with missing data...
WindowsNT DNS Server Character Saturation DoS
We could make the remote DNS server crash by flooding it with characters. It is likely a WindowsNT DNS server. Crashing the DNS server could allow an attacker to make your network non-functional, or even to use some DNS spoofing techniques to gain privileges on the network. C Tenable Network...