
4005 matches found

Tenable Nessus
added 2016/05/31 12:0 a.m. | 34 views

Debian DLA-496-1 : ruby-activerecord-3.2 security update

CVE-2015-7577 activerecord/lib/active_record/nested_attributes.rb in Active Record does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature. For Debian 7 'Wheezy', this problem have...

5.3 CVSS | 6.1 AI score | 0.01209 EPSS
Exploits 0 | References 3
Debian
added 2016/05/30 9:48 p.m. | 32 views

[SECURITY] [DLA 496-1] ruby-activerecord-3.2 security update

Package: ruby-activerecord-3.2 | Version: 3.2.6-5+deb7u2 | CVE ID: CVE-2015-7577 | Debian Bug: N/A
CVE-2015-7577 activerecord/lib/active_record/nested_attributes.rb in Active Record does not properly implement a certain destroy option, which allows remote attackers to bypass intended change...

5.3 CVSS | 5.7 AI score | 0.01209 EPSS
Exploits 0
RedHat Linux
added 2016/05/26 8:35 a.m. | 3 views

pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based...

9.8 CVSS | 7.7 AI score | 0.07915 EPSS
Exploits 1 | References 4
OSV
added 2016/05/17 2:8 p.m. | 10 views

CVE-2016-3705

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a...

7.5 CVSS | 6.3 AI score
Exploits 0 | References 16
OSV
added 2016/05/17 12:0 a.m. | 0 views

UBUNTU-CVE-2016-3705

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a...

7.5 CVSS | 7.1 AI score | 0.00881 EPSS
Exploits 0 | References 4
RedHat Linux
added 2016/05/11 1:7 p.m. | 1 views

pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based...

9.8 CVSS | 7.7 AI score | 0.07915 EPSS
Exploits 1 | References 4
RedHat Linux
added 2016/05/11 1:7 p.m. | 1 views

pcre: inefficient posix character class syntax check (8.38/16)

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

9.8 CVSS | 7.4 AI score | 0.06404 EPSS
Exploits 0 | References 4
OpenVAS
added 2016/05/09 12:0 a.m. | 28 views

Gentoo Security Advisory GLSA 201605-01

Gentoo Linux Local Security Checks GLSA 201605-01. SPDX-FileCopyrightText: 2016 Eero Volotinen. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. if(description)...

10 CVSS | 8.3 AI score | 0.31254 EPSS
Exploits 0 | References 1
CNVD
added 2016/05/04 12:0 a.m. | 2 views

Wireshark ASN.1 BER parser denial of service vulnerability (CNVD-2016-02775)

Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. A denial of service vulnerability exists in the epan/dissectors/packet-ber.c file in the ASN.1 BER parser in Wireshark versions 1.12.x prior to 1.12.10, and versions 2.x prior to...

5.9 CVSS | 7.5 AI score | 0.00518 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2016/05/03 12:0 a.m. | 34 views

GLSA-201605-01 : Git: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201605-01 (Git: Multiple vulnerabilities). Git is vulnerable to the remote execution of arbitrary code by cloning repositories with large filenames or a large number of nested trees. Additionally, some protocols within Git, such as...

10 CVSS | 8.8 AI score | 0.31254 EPSS
Exploits 0 | References 5
Gentoo Linux
added 2016/05/02 12:0 a.m. | 40 views

Git: Multiple vulnerabilities

Background: Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description: Git is vulnerable to the remote execution of arbitrary code by cloning repositories with large filenames or a large...

10 CVSS | 9.8 AI score | 0.31254 EPSS
Exploits 0
OSV
added 2016/05/01 1:59 a.m. | 2 views

UBUNTU-CVE-2016-4421

epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data...

5.9 CVSS | 6.9 AI score | 0.00518 EPSS
Exploits 0 | References 4
n0where
added 2016/04/11 4:39 p.m. | 21 views

LDAP Based Active Directory Enumeration: AD-LDAP-Enum

ad-ldap-enum is a Python script that was developed to discover users and their group memberships from Active Directory. In large Active Directory environments, tools such as NBTEnum were not performing fast enough. By executing LDAP queries against a domain controller, ad-ldap-enum is able to...

0.5 AI score
Exploits 0 | References 1
OSV
added 2016/04/08 2:59 p.m. | 1 views

DEBIAN-CVE-2016-2324

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow...

9.8 CVSS | 9.8 AI score | 0.2205 EPSS
Exploits 0 | References 1
NVD
added 2016/04/08 2:59 p.m. | 17 views

CVE-2016-2315

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow...

10 CVSS | 9.7 AI score | 0.17652 EPSS
Exploits 0 | References 25
OSV
added 2016/04/08 2:59 p.m. | 1 views

DEBIAN-CVE-2016-2315

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow...

9.8 CVSS | 8.3 AI score | 0.17652 EPSS
Exploits 0 | References 1
Prion
added 2016/04/08 2:59 p.m. | 22 views

Heap overflow

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow...

10 CVSS | 8.1 AI score | 0.17652 EPSS
Exploits 0 | References 25 | Affected Software 8
Cvelist
added 2016/04/08 2:0 p.m. | 19 views

CVE-2016-2315

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow...

9.7 AI score | 0.17652 EPSS
Exploits 0 | References 25
Debian CVE
added 2016/04/08 2:0 p.m. | 22 views

CVE-2016-2315

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow...

10 CVSS | 9.6 AI score | 0.17652 EPSS
Exploits 0
BDU FSTEC
added 2016/03/31 12:0 a.m. | 4 views

The vulnerability of the Ruby on Rails software platform, which allows attackers to circumvent existing access control policies

The vulnerability in the nested_attributes.rb file of the activerecord/lib/active_record module in the Ruby on Rails software framework is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to bypass existing access restrictions by using nested attributes ...

5 CVSS | 6.2 AI score | 0.01209 EPSS
Exploits 0 | References 3 | Affected Software 1