135 matches found
Cross site request forgery (csrf)
Request is an http client. If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body. This affects Request =2.2.6 2.51.0 =2.67.0...
CVE-2017-16026
Request is an http client. If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body. This affects Request =2.2.6 2.51.0 =2.67.0...
CVE-2017-16026
Request is an http client. If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body. This affects Request =2.2.6 2.51.0 =2.67.0...
DEBIAN-CVE-2017-17046
An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled...
UBUNTU-CVE-2017-17046
An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled...
Linux kernel denial of service vulnerability (CNVD-2017-30420)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. Security/keys/keyctl.c in the Linux kernel does not take into account the combination of NULL payloads and...
Uninitialized Memory Disclosure
openwhisk is vulnerable to uninitialized memory disclosure. The library initializes a buffer by providing a numeric value to the Buffer class, resulting in a buffer being created with non zero-ed out memory. This can lead to information on the uninitialized memory being disclosed...
UBUNTU-CVE-2016-5418
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file...
libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...
libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...
libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...
glibc: calloc may return non-zero memory
It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes...
Red Hat Enterprise Linux kernel usbvision driver denial of service vulnerability
Red Hat Enterprise Linux RHEL is a Linux operating system for business users maintained and distributed by Red Hat, Inc. The Linux kernel is the kernel used by the operating system and is distributed by the Linux Foundation. A security vulnerability exists in the usbvision driver in the Linux...
glibc: calloc may return non-zero memory
It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes...
DEBIAN-CVE-2014-9374
Double free vulnerability in the WebSocket Server reshttpwebsocket module in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service crash by sending a zero length frame...