102 matches found
SUSE SLED15 / SLES15 Security Update : spice-vdagent (SUSE-SU-2020:3268-1)
This update for spice-vdagent fixes the following issues : Security issues fixed : CVE-2020-25650: Fixed a memory DoS via arbitrary entries in activexfers hash table bsc1177780. CVE-2020-25651: Fixed a possible file transfer DoS and information leak via activexfers hash map bsc1177781...
openSUSE Security Update : spice-vdagent (openSUSE-2020-1898)
This update for spice-vdagent fixes the following issues : Security issues fixed : - CVE-2020-25650: Fixed a memory DoS via arbitrary entries in activexfers hash table bsc1177780. - CVE-2020-25651: Fixed a possible file transfer DoS and information leak via activexfers hash map bsc1177781. -...
Debian DLA-1421-1 : ruby2.1 security update
Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2015-9096 SMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO or MAIL FROM command. CVE-2016-2339 Exploitable heap...
Debian DLA-1359-1 : ruby1.8 security update
Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2017-17742 Aaron Patterson reported that WEBrick bundled with Ruby was vulnerable to an HTTP response splitting vulnerability. It wa...
Debian DLA-1358-1 : ruby1.9.1 security update
Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2017-17742 Aaron Patterson reported that WEBrick bundled with Ruby was vulnerable to an HTTP response splitting vulnerability. It wa...
[SECURITY] [DLA 1359-1] ruby1.8 security update
Package : ruby1.8 Version : 1.8.7.358-7.1+deb7u6 CVE ID : CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following...
[SECURITY] [DLA 1358-1] ruby1.9.1 security update
Package : ruby1.9.1 Version : 1.9.3.194-8.1+deb7u8 CVE ID : CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 Multiple vulnerabilities were found in the interpreter for the Ruby language. The...
UBUNTU-CVE-2017-13798
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote...
DEBIAN-CVE-2017-7120
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to...
DEBIAN-CVE-2016-9911
Quick Emulator Qemu built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehciinittransfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host...
UBUNTU-CVE-2016-8858
The kexinputkexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service memory consumption by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."...
USN-3084-2 linux-lts-xenial vulnerabilities
USN-3084-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A...
openSUSE Security Update : Mozilla Thunderbird (openSUSE-2016-848)
This update contains Mozilla Thunderbird 45.2. boo983549 It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail. The following vulnerabilities were fixed : - CVE-2016-2818, CVE-2016-2815: Memory safety bugs...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2016-16 Miscellaneous memory safety hazards rv:45.0 / rv:38.7 MFSA 2016-17 Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-18 CSP reports fail to strip location information for embedded iframe pages MFSA 2016-19 Linux video...
Java: Java XML Signature DoS Attack
It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions DTDs to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial ...
UBUNTU-CVE-2013-0961
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, a different vulnerability than CVE-2013-0960...
Scientific Linux Security Update : openssl on SL5.x i386/x86_64
CVE-2009-0590 openssl: ASN1 printing crash CVE-2009-1377 OpenSSL: DTLS epoch record buffer memory DoS CVE-2009-1378 OpenSSL: DTLS fragment handling memory DoS CVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw DoS CVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec request...
DEBIAN-CVE-2012-1181
fcgidspawnctl.c in the modfcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service memory consumption via a series of HTTP requests that triggers a process...
CVE-2011-2008
Microsoft Host Integration Server HIS 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service SNA Server service outage via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."...
DEBIAN-CVE-2011-1951
lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service memory consumption via a message that does not match a regular expression...