21 matches found
RHEL 6 : vte (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - vte: DoS long loop via escape sequences with large repeat counts CVE-2012-2738 - The...
Oracle Linux 9 : buildah (ELSA-2023-6473)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6473 advisory. - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539...
Regular Expression Denial Of Service (ReDoS)
mimer is vulnerable to regular expression denial of service ReDoS. The function extGetter uses an incorrect regular expression to split file path input from the user, causing an application crash via intensive CPU and memory consumption when parsing malicious file path...
Authentication Bypass
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws t...
CVE-2017-14059
FFmpeg 3.3.3 is affected by CVE-2017-14059, a denial-of-service in cine_read_header() caused by missing EOF checks during CINE header parsing. A crafted CINE file with a large duration field but insufficient backing data can trigger an image-offset parsing loop that consumes excessive CPU and mem...
CVE-2017-13776
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it...
RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:1504)
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives...
Oracle Linux 6 / 7 : java-1.7.0-openjdk (ELSA-2015-1920)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1920 advisory. 1:1.7.0.91-2.6.2.2.0.1 - Update DISTRONAME in specfile 1:1.7.0.91-2.6.2.2 - added and applied patch500 8072932or8074489.patch to fix tck failure -...
CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:1919)
Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
CVE-2014-8090 ruby: REXML incomplete fix for CVE-2014-8080
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...
Amazon Linux AMI : libxml2 (ALAS-2013-188)
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service CPU and memory consumption via an XML file containing an entity declaration with long replacement text and many references to this entity, aka 'internal entity expansion' with linear complexity. C Tenable...
CVE-2013-2160
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service CPU and memory consumption via crafted XML with a large number of 1 elements, 2 attributes, 3 nested constructs, and possibly other vectors...
Important: Red Hat Security Advisory: jbossws-common security update
An updated jbossws-common package that fixes one security issue is now available for JBoss Enterprise Web Platform 5.1.1 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CV...
Important: Red Hat Security Advisory: jbossws-common security update
An updated jbossws-common package that fixes one security issue is now available for JBoss Enterprise Application Platform 5.1.1 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring...
CVE-2011-1174
manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service CPU and memory consumption via a series of manager sessions involving invalid data...
CVE-2010-4756
The glob implementation in the GNU C Library aka glibc or libc6 allows remote authenticated users to cause a denial of service CPU and memory consumption via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a differen...
CVE-2010-4755
CVE-2010-4755 : OpenSSH 5.8 and earlier is affected. The vulnerability resides in the remote_glob function (sftp-glob.c) and the process_put function (sftp.c), used by OpenSSH’s SFTP daemon. Remote authenticated users can trigger CPU and memory exhaustion by sending crafted glob expressions that ...
CVE-2010-2632
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the...
[SECURITY] [DSA 1483-1] New net-snmp packages fix denial of service vulnerability
------------------------------------------------------------------------ Debian Security Advisory DSA-1483-1 [email protected] http://www.debian.org/security/ Noah Meyerhans February 06, 2008 http://www.debian.org/security/faq -...
CVE-2006-1387
TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service infinite recursion leading to CPU and memory consumption via INCLUDE by URL statements that form a loop, such as a page that includes itself...