142 matches found

Oracle linux
added 2018/11/09 12:00 a.m.

git security update

1.8.3.1-20 - Fix CVE-2018-17456: arbitrary code execution via .gitmodules. Thanks to Jonathan Nieder for backporting to 2.1.x and to Steve Beattie for backporting to 1.9.1...

CVSS 9.8, AI score 4.3, EPSS 0.97356
Exploits: 12
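Added example, not part of the Oracle advisory and not git's own fix: a Ruby pre-clone screen for the .gitmodules shape behind CVE-2018-17456, in which a submodule url or path beginning with "-" is handed by a recursive clone to a child git process and parsed there as a command-line option. The sample .gitmodules is constructed for this example, and parse_gitmodules and dangerous_submodules are names chosen here.

```ruby
# Added example, not code from the page or from git. Screens a .gitmodules file
# before `git clone --recurse-submodules` for submodule url/path values that
# begin with "-": in git versions affected by CVE-2018-17456 such a value could
# reach a child git process and be parsed as a command-line option.

# Constructed sample .gitmodules (not from any real repository): one benign
# submodule and one whose url starts with "-".
SAMPLE_GITMODULES = <<~GITMODULES
  [submodule "lib"]
      path = lib
      url = https://example.org/vendor/lib.git
  [submodule "evil"]
      path = evil
      url = -u./payload
GITMODULES

# Minimal parser for the INI-like .gitmodules format. Returns
# { "name" => { "path" => ..., "url" => ... }, ... }. Comments and blank lines
# are skipped; keys outside a [submodule "..."] section are ignored.
def parse_gitmodules(text)
  modules = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#", ";")
    if (section = line.match(/\A\[submodule\s+"([^"]+)"\]\z/))
      current = section[1]
      modules[current] = {}
    elsif current && (kv = line.match(/\A([A-Za-z][\w-]*)\s*=\s*(.*)\z/))
      modules[current][kv[1].downcase] = kv[2].strip
    end
  end
  modules
end

# Returns the names of submodules whose url or path starts with "-".
# Both fields are checked because either one ends up as an argument to a
# child git command during a recursive clone.
def dangerous_submodules(text)
  parse_gitmodules(text).select do |_name, cfg|
    %w[url path].any? { |key| cfg[key].to_s.start_with?("-") }
  end.keys
end

if __FILE__ == $PROGRAM_NAME
  flagged = dangerous_submodules(SAMPLE_GITMODULES)
  if flagged.empty?
    puts "no option-like submodule url/path values found"
  else
    puts "refusing recursive clone; suspicious submodules: #{flagged.join(', ')}"
  end
end
```

Run it against a checkout's .gitmodules before enabling submodule recursion on a machine that still carries an unpatched git; the check is a stopgap, and upgrading git remains the fix.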
Oracle linux
added 2018/10/15 12:00 a.m.

openssl security update

1.0.2k-12.0.3 - Oracle bug 28672370: backport CVE-2018-0732 - Oracle bug 28672351: backport CVE-2018-0737...

CVSS 7.5, AI score 1.5, EPSS 0.49268
Exploits: 0
Hacker One
added 2018/09/24 12:58 p.m.

Ruby on Rails: Untrusted strings that are cache fetched with raw option are automatically marshal loaded

This vulnerability affects application code that caches a string from an untrusted source using the raw: true option. For example, vulnerable application code might look something like the following:

    body = Rails.cache.fetch(key, raw: true, expires_in: ttl) do
      res = Net::HTTP.get_response(remote_u...

CVSS 7.5, AI score 9.6, EPSS 0.45732
Exploits: 5
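Added example, written for this page rather than taken from the report or from Rails: a stripped-down model of the read path the report describes. The vulnerable store Marshal.loads whatever bytes it reads back and falls back to the raw string when they are not a Marshal stream, so a response body written with raw: true is deserialized on the next read if the remote server returned a Marshal payload. The hardened store records at write time whether an entry was raw and never deserializes raw entries. VulnerableCache, HardenedCache, Smuggled and the payload bytes are all constructed here; Smuggled only counts its own reconstruction where a real gadget class would do something harmful.

```ruby
# Added example, not from the HackerOne report or from Rails: a toy model of a
# cache store's read path. The deserialization rule it models (Marshal.load,
# falling back to the raw string) is an assumption about the vulnerable
# pattern, not a copy of any Rails store.

# Stand-in for a class an attacker would pick as a gadget. It counts how many
# times it has been rebuilt by Marshal.load; a real gadget would do real damage
# in #marshal_load.
class Smuggled
  @loads = 0
  class << self
    attr_accessor :loads
  end

  attr_reader :tag

  def initialize(tag)
    @tag = tag
  end

  def marshal_dump
    [@tag]
  end

  # Called by Marshal.load while the object is being reconstructed.
  def marshal_load(data)
    @tag = data.first
    self.class.loads += 1
  end
end

# Vulnerable: bytes are stored as-is and every read tries Marshal.load first.
class VulnerableCache
  def initialize
    @store = {}
  end

  def write(key, value, raw: false)
    @store[key] = raw ? value.to_s : Marshal.dump(value)
  end

  def read(key)
    bytes = @store[key]
    return nil if bytes.nil?
    Marshal.load(bytes)   # a raw string that is a Marshal stream is deserialized here
  rescue TypeError, ArgumentError
    bytes                 # anything that is not a Marshal stream comes back as a string
  end
end

# Hardened: the store remembers whether an entry was written raw and returns
# raw entries as strings without ever calling Marshal.load on them.
class HardenedCache
  Entry = Struct.new(:raw, :bytes)

  def initialize
    @store = {}
  end

  def write(key, value, raw: false)
    @store[key] = raw ? Entry.new(true, value.to_s) : Entry.new(false, Marshal.dump(value))
  end

  def read(key)
    entry = @store[key]
    return nil if entry.nil?
    entry.raw ? entry.bytes : Marshal.load(entry.bytes)
  end
end

# Bytes a malicious remote server could return in place of a normal response
# body (constructed here); the application caches them with raw: true.
ATTACKER_BODY = Marshal.dump(Smuggled.new("pwned"))

# Caches a response body with raw: true and returns what the next read yields.
def cache_then_read(cache_class, body)
  cache = cache_class.new
  cache.write("remote:body", body, raw: true)
  cache.read("remote:body")
end

if __FILE__ == $PROGRAM_NAME
  p cache_then_read(VulnerableCache, ATTACKER_BODY).class   # Smuggled
  p cache_then_read(HardenedCache, ATTACKER_BODY).class     # String
end
```

The design point is that "is this a Marshal stream?" is not a safe question to ask of attacker-controlled bytes; the store has to carry the answer from write time instead of guessing at read time.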
Debian
added 2018/05/17 3:24 p.m.

[SECURITY] [DSA 4203-1] vlc security update

Debian Security Advisory DSA-4203-1 security@debian.org https://www.debian.org/security/
Moritz Muehlenhoff May 17, 2018 https://www.debian.org/security/faq
-...

CVSS 8.8, AI score 8.9, EPSS 0.02155
Exploits: 2
Prion
added 2018/01/29 5:29 p.m.

Remote code execution

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...

CVSS 7.5, AI score 9.8, EPSS 0.99686
Exploits: 36, References: 5, Affected software: 2
UbuntuCve
added 2018/01/29 5:29 p.m.

CVE-2017-1000353

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...

CVSS 9.8, AI score 7.7, EPSS 0.99686
Exploits: 36, References: 2
ATTACKERKB
added 2018/01/29 12:00 a.m.

CVE-2017-1000353

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...

CVSS 9.8, AI score 0.8, EPSS 0.99686
Exploits: 36, References: 5
Tenable Nessus
added 2017/06/26 12:00 a.m.

Debian DLA-1002-1 : smb4k security update

Sebastian Krahmer from SUSE discovered that smb4k, a Samba SMB share advanced browser, contains a logic flaw in which the mount helper binary does not properly verify the mount command it is being asked to run. This allows local users to call any other binary as root. The issue is resolved by...

CVSS 7.8, AI score 7.2, EPSS 0.01948
Exploits: 3, References: 3
Debian
added 2017/06/25 10:41 p.m.

[SECURITY] [DLA 1002-1] smb4k security update

Package : smb4k
Version : 1.2.1-2+deb7u1
CVE ID : CVE-2017-8849
Debian Bug : 862505
Sebastian Krahmer from SUSE discovered that smb4k, a Samba SMB share advanced browser, contains a logic flaw in which the mount helper binary does not properly verify the mount command it is being asked to run. Thi...

CVSS 7.8, AI score 7.8, EPSS 0.01948
Exploits: 3
Tenable Nessus
added 2017/04/24 12:00 a.m.

Fedora 25 : libarchive (2017-55a8f10223)

fix two minor CVEs by backporting upstream commits. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 7.5, AI score 6.6, EPSS 0.04447
Exploits: 1, References: 3
OSV
added 2017/02/17 7:59 a.m.

CVE-2017-6056

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...

CVSS 7.5, AI score 7.3, EPSS 0.07486
Exploits: 0, References: 17
NVD
added 2017/02/17 7:59 a.m.

CVE-2017-6056

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...

CVSS 7.5, AI score 7.2, EPSS 0.07486
Exploits: 0, References: 17
Prion
added 2017/02/17 7:59 a.m.

Design/Logic Flaw

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...

CVSS 5, AI score 7.2, EPSS 0.39633
Exploits: 5, References: 17, Affected software: 2
Cvelist
added 2017/02/17 7:45 a.m.

CVE-2017-6056

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...

AI score 7.4, EPSS 0.07486
Exploits: 0, References: 17
Debian CVE
added 2017/02/17 7:45 a.m.

CVE-2017-6056

Removed by vendor...

CVSS 7.5, AI score 7.4, EPSS 0.07486
Exploits: 0
UbuntuCve
added 2017/02/13 12:00 a.m.

CVE-2017-6056

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...

CVSS 7.5, AI score 7.1, EPSS 0.07486
Exploits: 0, References: 3
Cvelist
added 2016/11/28 3:01 a.m.

CVE-2016-9644

The get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this...

AI score 6.1, EPSS 0.01454
Exploits: 0, References: 5
Debian CVE
added 2016/11/28 3:01 a.m.

CVE-2016-9644

The get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this...

CVSS 9.3, AI score 6.3, EPSS 0.01454
Exploits: 0
UbuntuCve
added 2016/11/27 12:00 a.m.

CVE-2016-9644

The get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this...

CVSS 9.3, AI score 7.1, EPSS 0.01454
Exploits: 0, References: 7
OSV
added 2016/06/05 12:00 a.m.

DSA-3548-3 samba - regression update

Bulletin has no description...

AI score 6.8
Exploits: 0