
1879 matches found

RedHat Linux
added 2009/12/08 7:09 p.m., 2 views

OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not...

CVSS 5, AI score 5.9, EPSS 0.11021
Exploits: 1, References: 4

OpenVAS
added 2009/12/01 12:00 a.m., 31 views

Cacti 'Linux - Get Memory Usage' RCE Vulnerability

Cacti is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input.

CVSS 9, AI score 8.6, EPSS 0.07985
Exploits: 2, References: 2

NVD
added 2009/11/30 9:30 p.m., 21 views

CVE-2009-4112

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

CVSS 9, AI score 8.7, EPSS 0.07985
Exploits: 2, References: 10

UbuntuCve
added 2009/11/30 9:30 p.m., 34 views

CVE-2009-4112

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

CVSS 9, AI score 6.6, EPSS 0.07985
Exploits: 2, References: 1

OSV
added 2009/11/30 9:30 p.m., 2 views

DEBIAN-CVE-2009-4112

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

CVSS 9, AI score 7.4, EPSS 0.07985
Exploits: 2, References: 1

Prion
added 2009/11/30 9:30 p.m., 18 views

Input validation

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

CVSS 9, AI score 7, EPSS 0.07985
Exploits: 2, References: 10, Affected Software: 1

Cvelist
added 2009/11/30 9:00 p.m., 31 views

CVE-2009-4112

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

AI score 8.7, EPSS 0.07985
Exploits: 2, References: 10

Debian CVE
added 2009/11/30 9:00 p.m., 26 views

CVE-2009-4112

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

CVSS 9, AI score 6, EPSS 0.07985
Exploits: 2

Tenable Nessus
added 2009/10/28 12:00 a.m., 47 views

Mandriva Linux Security Advisory : kernel (MDVSA-2009:289)

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easi...

CVSS 7.2, AI score 6.7, EPSS 0.03035
Exploits: 6, References: 10

Fedora
added 2009/08/12 8:53 p.m., 24 views

[SECURITY] Fedora 11 Update: ocaml-camlimages-3.0.1-7.fc11.2

CamlImages is an image processing library for Objective CAML, which provides: basic functions for image processing and loading/saving, various image file formats hence providing a translation facility from format to format, and an interface with the Caml graphics library allows to display images...

CVSS 7.5, AI score 0.7, EPSS 0.01223
Exploits: 0

Prion
added 2009/07/16 3:30 p.m., 21 views

Null pointer dereference

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL...

CVSS 7.2, AI score 6.5, EPSS 0.0006
Exploits: 1, References: 35, Affected Software: 3

NVD
added 2009/07/16 3:30 p.m., 17 views

CVE-2009-1895

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL...

CVSS 7.2, AI score 4.9, EPSS 0.0006
Exploits: 1, References: 35

Cvelist
added 2009/07/16 3:00 p.m., 23 views

CVE-2009-1895

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL...

AI score 5.4, EPSS 0.0006
Exploits: 1, References: 35

CVE
added 2009/07/16 3:00 p.m., 126 views

CVE-2009-1895

The vulnerability CVE-2009-1895 affects the Linux kernel’s personality subsystem prior to 2.6.31-rc3, where PER_CLEAR_ON_SETID fails to clear ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO when executing a setuid/setgid program. This enables local users to exploit memory‑layout details to perform NULL poi...

CVSS 7.2, AI score 5.5, EPSS 0.0006
Exploits: 1, References: 35, Affected Software: 1

Japan Vulnerability Notes
added 2009/07/14 1:17 a.m., 1 view

Hitachi Web Server Reverse Proxy Denial of Service (DoS) Vulnerability

Overview: Hitachi Web Server contains a vulnerability that could lead to a denial of service (DoS) condition when using it as a reverse proxy due to excessive memory usage. Impact: The server could fall into a denial of service (DoS) state when continuously receiving fraudulent responses from backend W...

CVSS 5, AI score 7.6, EPSS 0.02213
Exploits: 2, References: 4

OpenVAS
added 2009/07/06 12:00 a.m., 22 views

RedHat Security Advisory RHSA-2009:1139

The remote host is missing updates announced in advisory RHSA-2009:1139. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The AOL Open System for CommunicAtion in Realtime (OSCAR) protocol is used by the AOL ICQ and...

CVSS 5, AI score 7.4, EPSS 0.03236
Exploits: 1, References: 3

OpenVAS
added 2009/06/15 12:00 a.m., 26 views

Ubuntu: Security Advisory (USN-785-1)

The remote host is missing an update for the...

CVSS 5, AI score 7.5, EPSS 0.15726
Exploits: 2, References: 2

Tenable Nessus
added 2009/05/05 12:00 a.m., 32 views

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libwmf vulnerability (USN-769-1)

Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user...

CVSS 7.5, AI score 6.6, EPSS 0.03145
Exploits: 0, References: 2

RedHat Linux
added 2008/09/11 1:45 p.m., 4 views

libxml2: billion laughs DoS attack

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs...

CVSS 9.3, AI score 6.9, EPSS 0.01559
Exploits: 0, References: 4

OSV
added 2008/08/27 8:41 p.m., 1 view

DEBIAN-CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...

CVSS 6.5, AI score 6.2, EPSS 0.00802
Exploits: 1, References: 1