MongoDB fixes a remotely exploitable denial-of-service (DoS) vulnerability (vulnerability warning, Black Bar Safety Net)
The popular NoSQL database MongoDB recently fixed a serious, remotely exploitable denial-of-service (DoS) vulnerability. FortiGuard Labs researchers found the flaw in February (on the 20th and 23rd), and MongoDB released a patch on March 17. The vulnerability can be caused ...
JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...
PCRE Denial of Service Vulnerability (CNVD-2015-02117)
PCRE Perl Compatible Regular Expressions is a Perl library that includes a library of perl-compatible regular expressions. A denial of service vulnerability exists in PCRE 8.36 and earlier versions, which can be exploited by a remote attacker to cause stack exhaustion leading to a denial of servi...
CVE-2015-2305
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a...
JBoss RichFaces Arbitrary Code Execution Vulnerability
JBoss RichFaces is a Web framework with Ajax and JSF features. JBoss RichFaces has a security vulnerability in its handling of the 'do' parameter that allows remote attackers to inject EL expressions and execute arbitrary Java code...
CVE-2015-0279
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language EL expressions and execute arbitrary Java code via the do parameter...
Debian DLA-67-1 : php5 security update
CVE-2014-3538: It was discovered that the original fix for CVE-2013-7345 did not sufficiently address the problem. A remote attacker could still cause a denial of service (CPU consumption) via a specially crafted input file that triggers backtracking during processing of an awk regular expression...
RichFaces: Remote Command Execution via insufficient EL parameter sanitization
It was found that the 'do' parameter permitted expression language EL injection, which could allow a remote attacker to execute Java methods on an affected server...
Important: Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.7.0 security update
An update for the RichFaces component of Red Hat JBoss Web Framework Kit 2.7.0 that fixes one security issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score...
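The three RichFaces entries above describe one root cause: the value of the 'do' request parameter was handed to the EL evaluator as expression text, so whoever controls the parameter controls which Java methods run. The following is an added illustration written for this page, not RichFaces code and not code from the advisories. It assumes the EL 3.0 API (javax.el) with an implementation such as GlassFish's javax.el on the classpath and Java 9 or later; the parameter name "do" and the action names "refresh" and "save" are hypothetical.

```java
// Added illustration, not RichFaces or Red Hat code. Contrasts evaluating a
// request parameter as an EL expression (the pattern behind the 'do' parameter
// flaw) with treating it as an opaque key into a server-defined allowlist.
// Assumes javax.el 3.0 (API + an implementation such as GlassFish javax.el)
// on the classpath. Parameter and action names are hypothetical.
import javax.el.ELProcessor;
import java.util.Set;

public class ElInjectionDemo {

    // VULNERABLE: the attacker-controlled string *is* the expression text.
    // EL resolves method calls by reflection, so the caller can walk from any
    // object to any class via ''.getClass().forName(...) and invoke methods on it.
    static Object vulnerableDispatch(String doParam) {
        ELProcessor el = new ELProcessor();
        return el.eval(doParam);   // eval() wraps the text in ${ } and evaluates it
    }

    // HARDENED: the parameter only selects one of a fixed set of server-defined
    // actions. No user-supplied text ever reaches the EL evaluator, so there is
    // nothing to inject into.
    private static final Set<String> ACTIONS = Set.of("refresh", "save");

    static String hardenedDispatch(String doParam) {
        if (doParam == null || !ACTIONS.contains(doParam)) {
            throw new IllegalArgumentException("unknown action: " + doParam);
        }
        return doParam;   // the caller maps this key to a server-side method
    }

    public static void main(String[] args) {
        // Benign probe payload: loads a class by name and returns its name.
        // The same reflective chain is what EL injection uses to reach
        // arbitrary methods; here it only proves the evaluator ran attacker text.
        String probe = "''.getClass().forName('java.lang.Runtime').getName()";
        System.out.println("vulnerable: " + vulnerableDispatch(probe));

        System.out.println("hardened: " + hardenedDispatch("refresh"));
        try {
            hardenedDispatch(probe);
        } catch (IllegalArgumentException e) {
            System.out.println("hardened rejected payload: " + e.getMessage());
        }
    }
}
```

The point of the hardened form is not better escaping of the parameter but removing the evaluation step entirely: a request parameter should select behaviour from a closed set, never supply code for the server to interpret.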
Debian Security Advisory DSA 3187-1 (icu - security update)
Several vulnerabilities were discovered in the International Components for Unicode (ICU) library. CVE-2013-1569 Glyph table issue. CVE-2013-2383 Glyph table issue. CVE-2013-2384 Font layout issue. CVE-2013-2419 Font processing issue. CVE-2014-6585 Out-of-bounds read. CVE-2014-6591 Additional...
DSA-3187-1 icu - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3187-1)
The remote host is missing an update for the Debian 'icu' package (DSA-3187-1)...
RedHat Update for pcre RHSA-2015:0330-01
The remote host is missing an update for the 'pcre' package (RHSA-2015:0330-01)...
Low: Red Hat Security Advisory: pcre security and enhancement update
Updated pcre packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
SUSE-SU-2015:0458-1 Security update for icu
icu was updated to fix one security issue. This security issue was fixed: - CVE-2014-9654: Insufficient size limit checks in regular expression compiler (bnc#917129)...
Design/Logic Flaw
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than...
grep: Denial of service
Background: grep is the GNU regular expression matcher. Description: A heap buffer overrun has been fixed in the bmexec_trans function in kwset.c. Impact: A local user can cause a denial of service. Workaround: There is no known workaround at this time. Resolution: All grep users should upgrade to the...