9263 matches found

OpenVAS
added 2016/03/11 12:0 a.m., 48 views

Amazon Linux: Security Advisory (ALAS-2016-658)

The remote host is missing an update for the...

5.3 CVSS, 7.6 AI score, 0.1838 EPSS
Exploits: 0, References: 2

OpenVAS
added 2016/03/11 12:0 a.m., 34 views

Amazon Linux: Security Advisory (ALAS-2016-657)

The remote host is missing an update for the...

8.1 CVSS, 7.6 AI score, 0.13872 EPSS
Exploits: 0, References: 2

Amazon
added 2016/03/10 12:0 a.m., 77 views

Medium: tomcat7

Issue Overview: A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource,...

8.1 CVSS, 7.4 AI score, 0.13872 EPSS
Exploits: 0

Amazon
added 2016/03/10 12:0 a.m., 49 views

Medium: tomcat6

Issue Overview: It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810) It was found that Tomcat would keep connections open after processing...

7.8 CVSS, 7.2 AI score, 0.20318 EPSS
Exploits: 0

Amazon
added 2016/03/10 12:0 a.m., 54 views

Medium: tomcat8

Issue Overview: A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource,...

5.3 CVSS, 7.3 AI score, 0.1838 EPSS
Exploits: 0

Tenable Nessus
added 2016/03/04 12:0 a.m., 10 views

Fedora 23 : nodejs-is-my-json-valid-2.12.4-1.fc23 (2016-25ab518a58)

Security fix for Regular expression DoS using utc-millisec format. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

5.4 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2016/03/04 12:0 a.m., 13 views

Fedora 22 : nodejs-is-my-json-valid-2.12.4-1.fc22 (2016-3441e9da2f)

Security fix for Regular expression DoS using utc-millisec format. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

5.4 AI score
Exploits: 0, References: 2

FreeBSD
added 2016/02/27 12:0 a.m., 43 views

pcre -- heap overflow vulnerability

Mitre reports: The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer...

9.8 CVSS, 7.3 AI score, 0.07791 EPSS
Exploits: 1, References: 1

OPENSUSE Linux
added 2016/02/25 2:11 p.m., 40 views

Security update for postgresql94 (important)

This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: IMPORTANT Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. Fix infinite loops and buffer-overrun proble...

9 CVSS, 0.2 AI score, 0.07005 EPSS
Exploits: 1, References: 3

CNVD
added 2016/02/25 12:0 a.m., 1 views

Joyent Node.js is-my-json-valid Denial of Service Vulnerability

Joyent Node.js is a platform from the US company Joyent for building web applications on top of the Google V8 JavaScript engine. is-my-json-valid is a package for validating JSON data against a JSON Schema. A security vulnerability exists in Joyent Node.js is-my-json-vali...

7.5 CVSS, 7.7 AI score, 0.01849 EPSS
Exploits: 0, References: 1

NVD
added 2016/02/23 5:59 a.m., 8 views

CVE-2016-2537

The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string...

7.5 CVSS, 7.7 AI score, 0.01849 EPSS
Exploits: 0, References: 2

NVD
added 2016/02/17 3:59 p.m., 15 views

CVE-2016-0773

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression...

7.5 CVSS, 7.5 AI score, 0.07005 EPSS
Exploits: 0, References: 23

Fedora
added 2016/02/17 4:1 a.m., 32 views

[SECURITY] Fedora 23 Update: mingw-pcre-8.38-1.fc23

Cross compiled Perl-compatible regular expression library for use with mingw32. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regula...

9.8 CVSS, 0.8 AI score, 0.09157 EPSS
Exploits: 2

UbuntuCve
added 2016/02/11 12:0 a.m., 27 views

CVE-2016-0773

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression...

7.5 CVSS, 7.3 AI score, 0.07005 EPSS
Exploits: 0, References: 3

OSV
added 2016/02/11 12:0 a.m., 3 views

UBUNTU-CVE-2016-0773

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression...

7.5 CVSS, 7.4 AI score, 0.07005 EPSS
Exploits: 0, References: 4

VulnCheck KEV
added 2016/01/22 12:0 a.m., 2 views

VulnCheck KEV: CVE-2015-1397

SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the...

6.5 CVSS, 6.2 AI score, 0.56686 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2016/01/19 12:0 a.m., 43 views

Debian DSA-3447-1 : tomcat7 - security update

It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section.

7.8 CVSS, 6.6 AI score, 0.21045 EPSS
Exploits: 1, References: 9

Node.js
added 2016/01/17 9:4 p.m., 23 views

Regular Expression Denial of Service

Overview: Versions of is-my-json-valid prior to 2.12.4 are affected by a regular expression denial of service vulnerability when user input is allowed into a utc-millisec validator. Recommendation: Update to version 2.12.4 or later...

5 CVSS, 6.5 AI score, 0.01849 EPSS
Exploits: 0, Affected Software: 1

OpenVAS
added 2016/01/17 12:0 a.m., 46 views

Debian Security Advisory DSA 3447-1 (tomcat7 - security update)

It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section.

7.8 CVSS, 0.6 AI score, 0.21045 EPSS
Exploits: 1, References: 1

OSV
added 2016/01/17 12:0 a.m., 33 views

DSA-3447-1 tomcat7 - security update

Bulletin has no description...

5 CVSS, 6.3 AI score, 0.13872 EPSS
Exploits: 0