476 matches found
CVE-2015-20109
endpattern called from internalfnmatch in the GNU C Library aka glibc or libc6 before 2.22 might allow context-dependent attackers to cause a denial of service application crash, as demonstrated by use of the fnmatch library function with the ! pattern. NOTE: this is not the same as CVE-2015-8984...
CVE-2015-20109
endpattern called from internalfnmatch in the GNU C Library aka glibc or libc6 before 2.22 might allow context-dependent attackers to cause a denial of service application crash, as demonstrated by use of the fnmatch library function with the ! pattern. NOTE: this is not the same as CVE-2015-8984...
K15152: Ruby vulnerability CVE-2013-4164
Security Advisory Description Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a string that is...
K15441: PHP vulnerability CVE-2011-1148
Security Advisory Description Use-after-free vulnerability in the substrreplace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service memory corruption or possibly have unspecified other impact by using the same variable for multiple arguments...
K16870: logrotate vulnerability CVE-2011-1154
Security Advisory Description The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a...
K15571: OpenSSL vulnerability CVE-2014-3508
Security Advisory Description Description The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to...
K21284031: GnuPG vulnerability CVE-2014-4617
Security Advisory Description The douncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service infinite loop via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. CVE-2014-4617...
K12597: PHP vulnerability CVE-2010-4156
Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...
SUSE CVE-2006-1902
foldbinary in fold-const.c in GNU Compiler Collection gcc 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQEXPR and NEEXPR, which might introduce buffer overflow vulnerabilities into applications that could b...
SUSE CVE-2011-1154
The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name...
SUSE CVE-2013-4440
Password Generator aka Pwgen before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
SUSE CVE-2013-4441
The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack...
SUSE CVE-2014-1943
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service infinite recursion, CPU consumption, and crash via a crafted indirect offset value in the magic of a file...
SUSE CVE-2016-9598
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service out-of-bounds read and application crash via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483...
SUSE CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic...
GHSA-8833-QRVM-WC3H OpenStack Keystone allows context-dependent attackers to bypass access restrictions
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...
Apache Derby exposes user and password attributes
Apache Derby before 10.1.2.1 exposes the 1 user and 2 password attributes in cleartext via a the RDBNAM parameter of the ACCSEC command and b the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information...
CVE-2015-8751
Integer overflow in the jasmatrixcreate function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation...
CVE-2013-2213
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output...
Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2019-1461)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...