Lucene search
+L

92 matches found

Oracle linux
Oracle linux
added 2012/01/30 12:0 a.m.48 views

ruby security update

1.8.7.352-4 - Address CVE-2011-4815 'DoS excessive CPU use via hash meet-in-the-middle attacks oCERT-2011-003' ruby-1.8.7-p352-CVE-2011-4815.patch - Resolves: rhbz768831...

7.8CVSS2AI score0.04246EPSS
Exploits2
Oracle linux
Oracle linux
added 2012/01/30 12:0 a.m.41 views

ruby security update

1.8.5-22.1 - Properly initialize the random number generator when forking new process ruby-1.8.7-CVE-2011-3009.patch - Related: rhbz768829 1.8.5-21.1 - Revert accidential move of tcl/tk libraries. - Related: rhbz768829 1.8.5-20.1 - Address CVE-2011-4815 "DoS excessive CPU use via hash...

7.8CVSS1.5AI score0.04246EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2012/01/16 12:0 a.m.36 views

FreeBSD : Multiple implementations -- DoS via hash algorithm collision (91be81e7-3fea-11e1-afc7-2c4138874f7d)

oCERT reports : A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particul...

7.8CVSS7.1AI score0.0436EPSS
Exploits3References7
Cent OS
Cent OS
added 2012/01/11 7:19 p.m.114 views

php, php53 security update

CentOS Errata and Security Advisory CESA-2012:0019 Updated php53 and php packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability...

6.4CVSS7.3AI score0.83911EPSS
Exploits17References7
RedHat Linux
RedHat Linux
added 2012/01/11 6:24 p.m.60 views

Moderate: Red Hat Security Advisory: php53 and php security update

Updated php53 and php packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

6.4CVSS7.3AI score0.83911EPSS
Exploits17References3
securityvulns
securityvulns
added 2012/01/02 12:0 a.m.121 views

n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.004 28-Dec-2011 Vendors: PHP, http://www.php.net Oracle, http://www.oracle.com Microsoft, http://www.microsoft.com Python, http://www.python.org Ruby, http://www.ruby.org Google, http://www.google.com Affected Products: PHP 4 and ...

7.8CVSS8.8AI score0.04246EPSS
Exploits2
RubySec
RubySec
added 2011/12/28 12:0 a.m.26 views

CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)

Ruby aka CRuby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table...

7.8CVSS6.1AI score0.04246EPSS
Exploits2References1Affected Software1
securityvulns
securityvulns
added 2011/07/18 12:0 a.m.64 views

[oCERT-2011-001] Chyrp input sanitization errors

2011-001 Chyrp input sanitization errors Description: The Chyrp framework, an open source blogging engine, suffers from cross-site scripting XSS and local file inclusion LFI vulnerabilities. Insufficient input sanitization on the parameters passed to pages related to administration settings, the...

0.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/02/19 12:0 a.m.30 views

Mandriva Linux Security Advisory : pidgin (MDVSA-2010:041)

Multiple security vulnerabilities has been identified and fixed in pidgin : Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly CVE-2010-0277. In a user in a multi-user chat room has a nickname containi...

5CVSS7.9AI score0.02875EPSS
Exploits1References4
securityvulns
securityvulns
added 2009/12/21 12:0 a.m.61 views

[Suspected Spam][oCERT-2009-019] Ganeti path sanitization errors

2009-019 Ganeti path sanitization errors Description: Ganeti, an open source virtualisation manager, suffers from an input validation bug that poses a security risk. The vulnerability applies to the commands submitted, either locally via gnt- commands or remotely via the HTTP API, to the machine...

7.5CVSS1.6AI score0.03285EPSS
Exploits0
FreeBSD
FreeBSD
added 2009/10/30 12:0 a.m.21 views

KDE -- multiple vulnerabilities

oCERT reports: Ark input sanitization errors: The KDE archiving tool, Ark, performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. IO Slaves inp...

0.3AI score
Exploits0References1
securityvulns
securityvulns
added 2009/10/28 12:0 a.m.44 views

[oCERT-2009-015] KDE multiple issues

2009-015 KDE multiple issues Description: KDE, an open source desktop environment, suffers from several bugs that pose a security risk. The oCERT team was contacted by Portcullis Security requesting help in handling a series of issues reported to the KDE project back in July 2007. Because of an...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2009/10/22 12:0 a.m.82 views

[oCERT-2009-016] Poppler, xpdf integer overflow during heap allocation

2009-016 Poppler, Xpdf integer overflows during heap allocation Description: Poppler and Xpdf are two popular open source projects for processing PDF files. Both projects are vulnerable to an integer overflow during heap memory allocation when processing a PDF file. In general, this results in...

9.3CVSS0.8AI score0.10228EPSS
Exploits1
ThreatPost
ThreatPost
added 2009/10/09 3:41 p.m.4 views

Google Plugs Android Security Holes

Google has shipped a new version of the Android open-source mobile phone platform to fix a pair of security flaws that could lead to denial-of-service attacks. According to an advisory from oCERT, a group that handles vulnerability disclosure for open-source projects, the flaws could allow hacker...

2AI score
Exploits0References2
securityvulns
securityvulns
added 2009/07/16 12:0 a.m.129 views

[oCERT-2009-010] mimeTeX and mathTeX buffer overflows and command injection

2009-010 mimeTeX and mathTeX buffer overflows and command injection Description: The mimeTeX and mathTeX CGIs are widely used helper executables that allow mathematical equation rendering in the form of images. Both applications suffer from several buffer overflows as well as command injection...

10CVSS0.5AI score0.09024EPSS
Exploits1
securityvulns
securityvulns
added 2009/07/14 12:0 a.m.55 views

[oCERT-2009-012] libtiff tools integer overflows

2009-012 libtiff tools integer overflows Description: The libtiff image library tools suffer from integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The libtiff package ships a library, for reading and writing TIFF, as well as a sma...

9.3CVSS0.3AI score0.04152EPSS
Exploits1
securityvulns
securityvulns
added 2009/07/06 12:0 a.m.68 views

[oCERT-2009-008] Dillo integer overflow

2009-008 Dillo integer overflow Description: Dillo, an open source graphical web browser, suffers from an integer overflow which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by HTML pages with embedded PNG images, the...

7.5CVSS0.8AI score0.02502EPSS
Exploits1
securityvulns
securityvulns
added 2009/07/03 12:0 a.m.129 views

[oCERT-2009-007] FCKeditor input sanitization errors

2009-007 FCKeditor input sanitization errors Description: FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability. The input of several connector modules is not properly verified before being used, this leads to exposure of the contents of arbitrary...

7.5CVSS0.6AI score0.83865EPSS
Exploits10
securityvulns
securityvulns
added 2009/07/03 12:0 a.m.51 views

[oCERT-2009-009] CamlImages integer overflows

2009-009 CamlImages integer overflows Description: CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by PNG image parsing, the...

7.5CVSS0.8AI score0.02612EPSS
Exploits0
securityvulns
securityvulns
added 2009/05/12 12:0 a.m.57 views

[oCERT-2009-004] AjaxTerm session id collision

2009-004 AjaxTerm session id collision Description: AjaxTerm, an open source web based terminal, uses a form of random session id generation which can lead to remote session hijacking. The ajaxterm.js script allocates session ids on the client side using the following method: var...

7.2AI score
Exploits0
Rows per page
Query Builder