9137 matches found
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which gi...
Information disclosure
The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ClearCase 7.1.2.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 does not properly generate random numbers, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via...
Mozilla Firefox Multiple Vulnerabilities-01 (Apr 2015) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
CVE-2015-1465
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update RCU grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service memory consumption or system crash via a flood of...
DEBIAN-CVE-2015-1465
The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update RCU grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service memory consumption or system crash via a flood of...
CVE-2015-1465
The CVE-2015-1465 issue affects the Linux kernel IPv4 code prior to 3.18.8, where the RCU grace period length is not properly considered when redirecting lookups without caching. This can allow remote attackers to cause a denial of service via a flood of packets, leading to memory consumption or ...
Certificate verification bypass through the HTTP/2 Alt-Svc header — Mozilla
Security researcher Muneaki Nishimura discovered a flaw in the Mozilla's HTTP Alternative Services implementation. If an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. As a result of this, warnings of invalid SS...
Cisco IOS Software TCP CIP DoS
According to its self-reported version, the Cisco IOS software running on the remote device is affected by multiple flaws in the Common Industrial Protocol CIP implementation that allow a remote, unauthenticated attacker to cause a denial of service DoS condition, as follows: - A denial of servic...
CVE-2015-0811
The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service out-of-bounds read via an image that is improperly handled during transformation...
CVE-2015-0811
The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service out-of-bounds read via an image that is improperly handled during transformation...
CentOS 7 : kernel (CESA-2015:0726)
Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...
PYSEC-2015-35
Buffer overflow in the C implementation of the applydelta function in pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file...
CVE-2015-0838
Buffer overflow in the C implementation of the applydelta function in pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file...
KLA10525 Multiple vulnerabilities in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Firefox before 37.0, Mozilla Firefox ESR 31.x before 31.6, Mozilla Thunderbird before 31.6. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause a denial of service heap memory corruption and bypass an...
CVE-2015-2305
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a...
CVE-2015-2305
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a...
Mandriva Linux Security Advisory : sudo (MDVSA-2015:126)
Updated sudo packages fix security vulnerability : Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs...
Debian DSA-3206-1 : dulwich - security update
Multiple vulnerabilities have been discovered in Dulwich, a Python implementation of the file formats and protocols used by the Git version control system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-9706 It was discovered that Dulwich allows...
Debian DLA-184-1 : binutils security update
Multiple security issues have been found in binutils, a toolbox for binary file manipulation. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security...
[SECURITY] [DLA 184-1] binutils security update
Package : binutils Version : 2.20.1-16+deb6u1 CVE ID : CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 Multiple security issues have been found in binutils, a toolbox for binary file manipulation. These vulnerabilities include multip...