2677 matches found

RedHat Linux
added 2015/04/30 4:9 p.m., 3 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

CVSS 4, AI score 5.8, EPSS 0.0124
Exploits 0, References 4

RedHat Linux
added 2015/04/16 4:2 p.m., 5 views

CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods

It was found that Apache WSS4J Web Services Security for Java, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...

CVSS 5, AI score 5.8, EPSS 0.09224
Exploits 0, References 4

RedHat Linux
added 2015/04/16 4:2 p.m., 0 views

CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods

It was found that Apache WSS4J Web Services Security for Java, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...

CVSS 5, AI score 5.8, EPSS 0.09224
Exploits 0, References 4

OSV
added 2015/04/14 6:59 p.m., 4 views

CVE-2015-2788

Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns...

AI score 6.9
Exploits 0, References 6

OSV
added 2015/04/14 6:59 p.m., 2 views

DEBIAN-CVE-2015-2788

Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns...

CVSS 10, AI score 7.6, EPSS 0.04246
Exploits 0, References 1

UbuntuCve
added 2015/04/14 6:59 p.m., 18 views

CVE-2015-2788

Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns...

CVSS 10, AI score 6.2, EPSS 0.04246
Exploits 0, References 1

OSV
added 2015/04/14 6:59 p.m., 0 views

UBUNTU-CVE-2015-2788

Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns...

CVSS 10, AI score 6.1, EPSS 0.04246
Exploits 0, References 2

Prion
added 2015/04/14 6:59 p.m., 16 views

Stack overflow

Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns...

CVSS 10, AI score 7.6, EPSS 0.04246
Exploits 0, References 6, Affected Software 2

Fedora
added 2015/03/23 7:13 a.m., 16 views

[SECURITY] Fedora 21 Update: php-ZendFramework2-2.3.7-1.fc21

Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...

AI score 7.6
Exploits 0

Fedora
added 2015/03/23 7:11 a.m., 42 views

[SECURITY] Fedora 20 Update: php-ZendFramework2-2.3.7-1.fc20

Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...

CVSS 9.8, AI score 9.8, EPSS 0.02802
Exploits 1

Fedora
added 2015/03/19 6:39 p.m., 28 views

[SECURITY] Fedora 22 Update: php-ZendFramework2-2.3.7-1.fc22

Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...

AI score 7.6
Exploits 0

OSV
added 2015/03/18 12:33 p.m., 2 views

USN-2535-1 php5 vulnerabilities

Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. CVE-2014-8117 S. Paraschoudis discovered that PHP incorrectly handled memory in...

CVSS 7.5, AI score 7, EPSS 0.41315
Exploits 11, References 5

RedHat Linux
added 2015/03/11 4:51 p.m., 3 views

CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods

It was found that Apache WSS4J Web Services Security for Java, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...

CVSS 5, AI score 5.8, EPSS 0.09224
Exploits 0, References 4

myhack58
added 2015/03/10 12:0 a.m., 23 views

Password retrieve logic vulnerability summary-vulnerability warning-the black bar safety net

0x00 background description Please note these two articles: Password retrieve function there may be a problem Password retrieve function there may be issues supplemented From the above two documents the past six months, recently finishing a password to get back to the mind map, open the collectio...

AI score 7.7
Exploits 0

NVD
added 2015/02/13 3:59 p.m., 24 views

CVE-2014-7853

The JBoss Application Server WildFly JacORB subsystem in Red Hat JBoss Enterprise Application Platform EAP before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information ...

CVSS 4, AI score 5.7, EPSS 0.0124
Exploits 0, References 7

RedHat Linux
added 2015/02/11 8:36 p.m., 3 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

CVSS 4, AI score 5.8, EPSS 0.0124
Exploits 0, References 4

RedHat Linux
added 2015/02/11 8:18 p.m., 1 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

CVSS 4, AI score 5.8, EPSS 0.0124
Exploits 0, References 4

RedHat Linux
added 2015/02/11 8:16 p.m., 4 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

CVSS 4, AI score 5.8, EPSS 0.0124
Exploits 0, References 4

RedHat Linux
added 2015/02/11 8:6 p.m., 3 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

CVSS 4, AI score 5.8, EPSS 0.0124
Exploits 0, References 4

OSV
added 2015/01/12 3:59 p.m., 2 views

DEBIAN-CVE-2014-6268

The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU...

CVSS 4.9, AI score 8.2, EPSS 0.00415
Exploits 0, References 1