45 matches found

Tenable Nessus
added 2024/06/03 12:00 a.m. · 17 views

RHEL 6 : vte (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - vte: DoS long loop via escape sequences with large repeat counts CVE-2012-2738 - The...

CVSS 4 · AI score 7.3 · EPSS 0.16769 · Exploits 2 · References 2
Github Security Blog
added 2024/02/15 3:22 p.m. · 26 views

Scrapy vulnerable to ReDoS via XMLFeedSpider

Impact: The following parts of the Scrapy API were found to be vulnerable to a ReDoS attack: - The XMLFeedSpider class, or any subclass that uses the default node iterator (iternodes), as well as direct uses of the scrapy.utils.iterators.xmliter function. - Scrapy 2.6.0 to 2.11.0: The open_in_browser...

CVSS 7.5 · AI score 7.2 · EPSS 0.00058 · Exploits 1 · References 8 · Affected software 1
Tenable Nessus
added 2023/11/16 12:00 a.m. · 42 views

Oracle Linux 9 : buildah (ELSA-2023-6473)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6473 advisory. - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...

CVSS 9.8 · AI score 7.1 · EPSS 0.00759 · Exploits 1 · References 12
Hacker One
added 2023/06/04 7:58 a.m. · 55 views

Internet Bug Bounty: [CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support’s underscore

A regular expression based denial of service (DoS) vulnerability was discovered in Active Support. The vulnerability allowed a specially crafted string to cause the regular expression engine to enter a state of catastrophic backtracking, leading to excessive CPU and memory usage. The...

CVSS 7.5 · AI score 7.3 · EPSS 0.01484 · Exploits 0
Github Security Blog
added 2023/01/18 6:20 p.m. · 32 views

ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions affected: all. Not affected: none. Fixed versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1. Impact: A...

CVSS 7.5 · AI score 7.5 · EPSS 0.01304 · Exploits 0 · References 10 · Affected software 1
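Both Rails entries above (CVE-2023-22796 in Active Support and CVE-2023-22795 in Action Dispatch) describe the same failure mode: a regular expression with an ambiguous repetition that forces the backtracking engine to explore an exponential number of ways to consume attacker-controlled input. The script below is an added example, not code from Rails or from either advisory; the pattern `^(a+)+!$` is a constructed stand-in that reproduces the nested-quantifier shape, and `guarded_match`, `timed_match` and `same_language` are hypothetical helpers written for this illustration. It shows the growth in match time as the input grows by a few characters, the two standard mitigations (rewriting to an unambiguous pattern and capping input length before the engine sees it), and a check that the rewrite accepts exactly the same strings as the original.

```python
import re
import time

# Constructed stand-in with a nested quantifier. This is NOT the regex from
# Active Support or Action Dispatch. On n 'a's followed by a character that
# makes the trailing '!' fail, Python's backtracking re engine tries every way
# of splitting the run between the inner and outer '+': about 2^(n-1) attempts.
EVIL_PATTERN = re.compile(r"^(a+)+!$")

# Same language (one or more 'a' then '!'), single unambiguous quantifier:
# one way to consume the run, so a failed match costs O(n).
SAFE_PATTERN = re.compile(r"^a+!$")


def non_matching_input(n):
    """Constructed worst-case input: n 'a's then a byte that defeats the final '!'."""
    return "a" * n + "x"


def timed_match(pattern, text):
    """Return (matched, seconds) for a single anchored match attempt."""
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


def guarded_match(pattern, text, max_len=64):
    """Hypothetical defensive wrapper: cap input length before the engine runs.

    Even a pattern that still backtracks badly does bounded work when the input
    is bounded. Pick max_len from the field's real upper bound (an ETag, a
    method name, a file extension), not from what happens to be convenient.
    """
    if len(text) > max_len:
        raise ValueError(f"input of length {len(text)} exceeds cap of {max_len}")
    return pattern.match(text) is not None


def same_language(samples):
    """Confirm the hardened pattern accepts exactly what the original accepted,
    so the fix does not silently change application behaviour."""
    return all(
        (EVIL_PATTERN.match(s) is None) == (SAFE_PATTERN.match(s) is None)
        for s in samples
    )


# Constructed regression samples covering the match and non-match edges.
SAMPLES = ["a!", "aaaa!", "!", "", "aaab!", "aaaa", "ba!", "aaaa!!", "a!a"]

if __name__ == "__main__":
    # Each extra 'a' roughly doubles the work for EVIL_PATTERN and adds one
    # step for SAFE_PATTERN; the gap is visible long before n reaches 30.
    for n in (14, 18, 22):
        text = non_matching_input(n)
        _, evil = timed_match(EVIL_PATTERN, text)
        _, safe = timed_match(SAFE_PATTERN, text)
        print(f"n={n:2d}  nested: {evil:8.4f}s   linear: {safe:9.6f}s")
    print("rewrite preserves language on samples:", same_language(SAMPLES))
    try:
        guarded_match(EVIL_PATTERN, non_matching_input(10_000))
    except ValueError as exc:
        print("length cap rejected oversized input:", exc)
```

Run it directly to see the timing table; raising n past about 26 makes the nested pattern take minutes, which is the point the advisories make. In a code base the two checks worth keeping are the length cap at the trust boundary and the equivalence test over representative inputs whenever a regex is rewritten for performance.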
Tenable Nessus
added 2022/11/23 12:00 a.m. · 38 views

SUSE SLED15 / SLES15 Security Update : binutils (SUSE-SU-2022:4146-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4146-1 advisory. The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcppfile.h...

CVSS 7.8 · AI score 7 · EPSS 0.00556 · Exploits 3 · References 28
Veracode
added 2019/10/03 9:21 a.m. · 8 views

Regular Expression Denial Of Service (ReDoS)

mimer is vulnerable to regular expression denial of service (ReDoS). The function extGetter uses an incorrect regular expression to split file path input from the user, causing an application crash via intensive CPU and memory consumption when parsing a malicious file path...

AI score 5 · Exploits 0
Prion
added 2019/09/17 7:15 p.m. · 18 views

Code injection

IBM Cognos Analytics 11.0 and 11.1 are vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973...

CVSS 7.8 · AI score 7.3 · EPSS 0.01142 · Exploits 0 · References 3 · Affected software 1
Veracode
added 2019/05/02 5:19 a.m. · 30 views

Authentication Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws t...

CVSS 10 · AI score 7.6 · EPSS 0.14942 · Exploits 0 · References 37 · Affected software 5
Veracode
added 2019/05/02 5:19 a.m. · 25 views

Authentication Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws t...

CVSS 10 · AI score 7.6 · EPSS 0.14942 · Exploits 0 · References 37 · Affected software 5
Japan Vulnerability Notes
added 2018/10/19 12:00 a.m. · 546 views

JVN#36343375: Multiple vulnerabilities in YukiWiki

YukiWiki is a Wiki engine. YukiWiki contains multiple vulnerabilities listed below. Cross-site scripting (CWE-79) - CVE-2018-0699

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3

Processing...

CVSS 7.8 · AI score 6.9 · EPSS 0.00367 · Exploits 0
NVD
added 2017/09/09 1:29 a.m. · 16 views

CVE-2017-14222

In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to the lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file is provided that claims a large "item_count" field in the header but does not contain sufficient backing data, the loop would...

CVSS 7.1 · AI score 6.5 · EPSS 0.00476 · Exploits 0 · References 3
CVE
added 2017/08/31 3:00 p.m. · 99 views

CVE-2017-14059

FFmpeg 3.3.3 is affected by CVE-2017-14059, a denial-of-service in cine_read_header() caused by missing EOF checks during CINE header parsing. A crafted CINE file with a large duration field but insufficient backing data can trigger an image-offset parsing loop that consumes excessive CPU and mem...

CVSS 7.1 · AI score 7 · EPSS 0.00379 · Exploits 0 · References 3 · Affected software 1
UbuntuCve
added 2017/08/30 9:29 a.m. · 27 views

CVE-2017-13776

GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it...

CVSS 7.1 · AI score 6.8 · EPSS 0.00698 · Exploits 1 · References 3
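The three file-parser entries above (CVE-2017-14222 and CVE-2017-14059 in FFmpeg, CVE-2017-13776 in GraphicsMagick) share one root cause: a loop whose bound comes from a count or size field in the file, run without checking that the remaining input can actually back that many records, so a header that claims billions of items spins the reader on empty reads. The script below is an added example and is not code from FFmpeg, GraphicsMagick or any of the advisories; the "TOYF" container, its layout, and the `parse_unchecked` and `parse_checked` functions are all constructed for this illustration. It places the count-driven loop beside the hardened form, which derives the maximum plausible record count from the bytes actually present and refuses before iterating.

```python
import struct

# Constructed toy container: 4-byte magic, 4-byte big-endian item count, then
# `count` records of two 4-byte unsigned integers. It is not the MOV tfra box,
# the CINE header or the XBM reader; it only reproduces the shape of the bug,
# where the loop bound is read from the file and the data to back it may not be.
MAGIC = b"TOYF"
HEADER = struct.Struct(">4sI")
ITEM = struct.Struct(">II")


def build_file(items, declared_count=None):
    """Serialize a file; declared_count lets a test lie about how many items follow."""
    count = len(items) if declared_count is None else declared_count
    return HEADER.pack(MAGIC, count) + b"".join(ITEM.pack(*it) for it in items)


def parse_unchecked(data):
    """Loop driven purely by the declared count, the pattern the advisories describe.

    Past end of input every slice is empty, nothing is appended, and the loop
    keeps spinning; a 32-bit count of 0xFFFFFFFF means about 4 billion useless
    iterations. Returns (items, iterations_past_eof) so the waste is measurable.
    """
    magic, count = HEADER.unpack_from(data, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    offset = HEADER.size
    items, past_eof = [], 0
    for _ in range(count):
        chunk = data[offset:offset + ITEM.size]
        if len(chunk) == ITEM.size:
            items.append(ITEM.unpack(chunk))
        else:
            past_eof += 1          # an EOF check here would break out; this code has none
        offset += ITEM.size
    return items, past_eof


def parse_checked(data):
    """Hardened: bound the declared count by what the input can actually back."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    magic, count = HEADER.unpack_from(data, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    available = (len(data) - HEADER.size) // ITEM.size
    if count > available:
        # Reject before any loop runs. Clamping to `available` is an option when
        # partial parsing is acceptable, but the claim itself must never drive
        # the iteration or an allocation.
        raise ValueError(f"declared {count} items, input backs at most {available}")
    return [ITEM.unpack_from(data, HEADER.size + i * ITEM.size) for i in range(count)]


# Constructed inputs: an honest two-record file and one that lies about its count.
GOOD = build_file([(1, 2), (3, 4)])
INFLATED = build_file([(1, 2), (3, 4)], declared_count=200_000)

if __name__ == "__main__":
    print("checked, good:", parse_checked(GOOD))
    items, wasted = parse_unchecked(INFLATED)
    print(f"unchecked, inflated: {len(items)} items, {wasted} empty iterations")
    try:
        parse_checked(INFLATED)
    except ValueError as exc:
        print("checked, inflated:", exc)
```

The inflated sample uses a count of 200,000 so that the unchecked parser finishes in well under a second while still showing that it did 199,998 iterations of nothing; with a real 32-bit maximum it would run for hours, which is the CPU exhaustion the advisories report. The general rule the checked version applies is the same for any length-prefixed format: compute the ceiling from bytes remaining, compare the untrusted count against it, and only then allocate or loop.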
RedHat Linux
added 2017/08/01 2:09 p.m. · 44 views

Low: Red Hat Security Advisory: samba security, bug fix, and enhancement update

An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 6.8 · AI score 6.6 · EPSS 0.03382 · Exploits 1 · References 25
rapid7community
added 2017/05/24 2:19 p.m. · 37 views

Heroku Dynos Explained

What are Heroku Dynos? If you've ever hosted an application on Heroku, the popular platform-as-a-service, you're likely at least aware of the existence of "Dynos". But what exactly are Heroku Dynos and why are they important? As explained in Heroku's docs, Dynos are simply lightweight Linux containe...

AI score 6.6 · Exploits 0
Tenable Nessus
added 2016/07/28 12:00 a.m. · 57 views

RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:1504)

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives...

CVSS 9.6 · AI score 6.7 · EPSS 0.07521 · Exploits 0 · References 15
Cent OS
added 2016/07/27 10:40 a.m. · 71 views

java security update

CentOS Errata and Security Advisory CESA-2016:1504 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

CVSS 9.6 · AI score 6.7 · EPSS 0.07521 · Exploits 0 · References 7
Tenable Nessus
added 2015/11/19 12:00 a.m. · 45 views

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20151118)

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,...

CVSS 10 · AI score 6.4 · EPSS 0.14942 · Exploits 0 · References 17
Tenable Nessus
added 2015/10/22 12:00 a.m. · 295 views

RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2015:1920)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1920 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple...

CVSS 10 · AI score 6.7 · EPSS 0.14942 · Exploits 0 · References 37