Lucene search
+L

170 matches found

redhat
redhat
added 2014/04/16 11:24 a.m.5 views

OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10CVSS7AI score0.07571EPSS
Exploits0References5
cve
cve
added 2013/07/09 5:0 p.m.88 views

CVE-2013-2096

OpenStack Compute (Nova) variants Folsom/Grizzly/Havana fail to verify the QCOW2 image virtual size, enabling local users to trigger host filesystem disk consumption (DoS) by using large virtual sizes with little data. Root cause: incomplete/incorrect validation of QCOW2 virtual size, as noted ac...

2.1CVSS5.9AI score0.00383EPSS
Exploits0References6Affected Software3
openvas
openvas
added 2013/03/08 12:0 a.m.41 views

Ubuntu Update for openjdk-6 USN-1755-1

Check for the Version of openjdk-6 OpenVAS Vulnerability Test $Id: gbubuntuUSN17551.nasl 8448 2018-01-17 16:18:06Z teissa $ Ubuntu Update for openjdk-6 USN-1755-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

10CVSS0.1AI score0.86151EPSS
Exploits10References2
openvas
openvas
added 2013/03/08 12:0 a.m.57 views

Ubuntu: Security Advisory (USN-1755-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.6AI score0.86151EPSS
Exploits10References2
openvas
openvas
added 2013/03/08 12:0 a.m.301 views

Ubuntu: Security Advisory (USN-1755-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.6AI score0.86151EPSS
Exploits10References2
nessus
nessus
added 2013/03/08 12:0 a.m.29 views

Ubuntu 12.10 : openjdk-7 vulnerabilities (USN-1755-2)

USN-1755-1 fixed vulnerabilities in OpenJDK 6. This update provides the corresponding updates for OpenJDK 7. It was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. CVE-2013-0809 It was discovered that OpenJ...

10CVSS8.7AI score0.86151EPSS
Exploits10References3
ubuntu
ubuntu
added 2013/03/07 4:31 p.m.73 views

USN-1755-2: OpenJDK 7 vulnerabilities

USN-1755-1 fixed vulnerabilities in OpenJDK 6. This update provides the corresponding updates for OpenJDK 7. Original advisory details: It was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. CVE-2013-0809 I...

10CVSS8.6AI score0.86151EPSS
Exploits10
nessus
nessus
added 2013/03/06 12:0 a.m.40 views

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : openjdk-6 vulnerabilities (USN-1755-1)

It was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. CVE-2013-0809 It was discovered that OpenJDK did not properly check return values when performing color conversion for images. If a user were tricked...

10CVSS8.2AI score0.86151EPSS
Exploits10References3
nessus
nessus
added 2012/09/06 12:0 a.m.35 views

Mandriva Linux Security Advisory : python-django (MDVSA-2012:143)

Multiple vulnerabilities has been discovered and corrected in python-django : The 1 django.http.HttpResponseRedirect and 2 django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote...

5CVSS5.5AI score0.02641EPSS
Exploits1References4
osv
osv
added 2012/08/14 12:0 a.m.24 views

DSA-2529-1 python-django - several

Bulletin has no description...

5CVSS6AI score0.02641EPSS
Exploits1
prion
prion
added 2012/07/31 5:55 p.m.25 views

Design/Logic Flaw

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service memory consumption by uploading an image file...

5CVSS6.8AI score0.02641EPSS
Exploits1References6Affected Software1
cvelist
cvelist
added 2012/07/31 5:0 p.m.35 views

CVE-2012-3443

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service memory consumption by uploading an image file...

6.1AI score0.02641EPSS
Exploits1References6
ubuntucve
ubuntucve
added 2012/07/31 12:0 a.m.26 views

CVE-2012-3443

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service memory consumption by uploading an image file...

5CVSS5.9AI score0.02641EPSS
Exploits1References5
freebsd
freebsd
added 2012/07/30 12:0 a.m.30 views

django -- multiple vulnerabilities

The Django project reports: Today the Django team is issuing multiple releases -- Django 1.3.2 and Django 1.4.1 -- to remedy security issues reported to us: Cross-site scripting in authentication views Denial-of-service in image validation Denial-of-service via getimagedimensions All users are...

6.5AI score
Exploits0References1
ubuntucve
ubuntucve
added 2011/11/15 3:57 a.m.27 views

CVE-2011-2772

The getdatarootimagepath function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service memory consumption via a 1 large or 2 invalid image...

5CVSS5.9AI score0.02271EPSS
Exploits0References1
prion
prion
added 2011/11/15 3:57 a.m.22 views

Design/Logic Flaw

The getdatarootimagepath function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service memory consumption via a 1 large or 2 invalid image...

5CVSS7AI score0.02271EPSS
Exploits0References5Affected Software1
xen
xen
added 2011/05/09 12:8 p.m.15 views

paravirtualised kernel image validation

ISSUE DESCRIPTION 1. Problems ----------- The functions which interpret the kernel image supplied for a paravirtualised guest, and decompress it into memory when booting the domain, are incautious. Specifically: i Integer overflow in the decompression loop memory allocator might result in...

6.9CVSS5.9AI score0.00705EPSS
Exploits0
nvd
nvd
added 2011/02/04 1:0 a.m.13 views

CVE-2011-0771

The Janrain Engage formerly RPX module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting XSS attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login...

6.8CVSS6.1AI score0.02062EPSS
Exploits0References6
prion
prion
added 2011/02/04 1:0 a.m.13 views

Cross site scripting

The Janrain Engage formerly RPX module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting XSS attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login...

6.8CVSS6.4AI score0.02062EPSS
Exploits0References6Affected Software1
packetstorm
packetstorm
added 2010/08/28 12:0 a.m.25 views

Professional Site Immobiliare SQL Injection

============ Advisory 25/08/2010 ============= Professional Site Immobiliare Multiple vulnerabilities Vendor's Description of Software: http://www.sitomastro.com Application Info: Name: Professional Site Immobiliare =============================================== Vulnerability Info: Type: SQL...

Exploits0
Rows per page
Query Builder