153 matches found
CVE-2018-17282
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference...
UBUNTU-CVE-2017-18342
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
Windows Kernel 64-bit stack memory disclosure in win32k!SfnINLPHELPINFOSTRUCT (via user-mode callback)(CVE-2018-0810)
We have discovered that a user-mode callback invoked by the win32k!SfnINLPHELPINFOSTRUCT function via KeUserModeCallback leads to the disclosure of uninitialized stack memory to user-mode clients, due to compiler-introduced structure padding. The vulnerability affects Windows 7 64-bit; other...
Debian LTS: Security Advisory for hunspell-en-us (DLA-903-1)
The dictionary provided by this package had an unnecessary unversioned conflict against the thunderbird package which recently got reintroduced into Wheezy. This VT has been deprecated as it doesn SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a reference...
CVE-2017-1000127
Exiv2 0.26 contains a heap buffer overflow in tiff parser...
CVE-2017-16644
The hdpvrprobe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service improper error handling and system crash or possibly have unspecified other impact via a crafted USB device...
CVE-2017-11553
There is an illegal address access in the extendaliastable function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service...
DEBIAN-CVE-2017-1000365
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMITSTACK/RLIMINFINITY 1/4 of the size, but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel version...
UBUNTU-CVE-2017-1000365
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMITSTACK/RLIMINFINITY 1/4 of the size, but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel version...
openSUSE Security Update : tiff (openSUSE-2017-53)
The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues. - CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools bnc914890 - CVE-2016-9297: tifdirread.c read outside buffer in TIFFPrintField bnc1010161 - CVE-2016-3658: Illegal read i...
CVE-2014-9621
The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string...
Debian Security Advisory DSA 1225-1 (mozilla-firefox)
The remote host is missing an update to mozilla-firefox announced via advisory DSA 1225-1. Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:...
Deleting a custom field which has an issue security scheme or permission scheme on it does not update the index and issue navigator is out of date
emphasized textSimilar to JRA-12410 - deleting a custom field does not adequately clean up after itself. Specifically, affected issues are not reindexed so the updated security and permission aspects are not reflected in search results which is a security hole. Note that a naive fix may produce...