117 matches found
CVE-2015-7232
The CVE-2015-7232 issue affects the OSF for Drupal module (Drupal 7.x) specifically in the 7.x-3.x line prior to 7.x-3.1, when the OSF Ontology module is enabled. The vulnerability is a Cross-Site Scripting (XSS) in unspecified administration pages, allowing remote attackers to inject arbitrary s...
CVE-2015-7233
Cross-site request forgery CSRF vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets via unspecified vectors...
CVE-2015-7234
The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors...
CVE-2015-7234
The vulnerability CVE-2015-7234 affects the Drupal OSF module (7.x-3.x) prior to 7.x-3.1 when the OSF Ontology and OSF Import modules are enabled. A user-assisted remote attacker can delete arbitrary files via unspecified vectors. The issue is mitigated by upgrading to OSF 7.x-3.1 (as documented ...
Drupal OSF for Drupal module cross-site request forgery vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. osf for Drupal is one of the middle-tier modules that allows customization tools and data display for internally structured data RDF and related vocabularies ontologies. A cross-site...
Several Critical Flaws Patched in Drupal Module
There are several critical vulnerabilities in a middleware layer used in Drupal, including both cross-site scripting and cross-site request forgery bugs, that can be exploited remotely. The vulnerabilities are in the Open Semantic Framework, which is a third-party project and not part of the Drup...
OSF for Drupal - Critical - Multiple vulnerabilities - SA-CONTRIB-2015-134
The Open Semantic Framework OSF for Drupal is a middleware layer that allows structured data RDF and associated vocabularies ontologies to "drive" tailored tools and data displays within Drupal. The module is vulnerable to reflected Cross Site Scripting XSS because it did not sufficiently filter...
CVE-2011-2208
Integer signedness error in the osfgetdomainname function in arch/alpha/kernel/osfsys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call...
CentOS Update for kernel CESA-2011:0833 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Ubuntu 10.10 : linux vulnerabilities (USN-1183-1)
Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. CVE-2010-4076, CVE-2010-4077 Neil Horman discovered that NFSv4 did not correctly handle...
Ubuntu Update for linux USN-1168-1
Ubuntu Update for Linux kernel vulnerabilities USN-1168-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11681.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux USN-1168-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
Ubuntu 8.04 LTS : linux vulnerabilities (USN-1170-1)
Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. CVE-2010-4076, CVE-2010-4077 It was discovered that Xen did not correctly handle certain...
Ubuntu 10.04 LTS : linux vulnerabilities (USN-1168-1)
Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. CVE-2011-1017 Neil Horman discovered that NFSv4 did not correctly handle certain orde...
Ubuntu: Security Advisory (USN-1168-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-1170-1: Linux kernel vulnerabilities
Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. CVE-2010-4076, CVE-2010-4077 It was discovered that Xen did not correctly handle certain...
USN-1168-1: Linux kernel vulnerabilities
Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. CVE-2011-1017 Neil Horman discovered that NFSv4 did not correctly handle certain orde...
Linux Kernel fs/partitions/osf.c信息泄露漏洞
BUGTRAQ ID: 46878 CVE ID: CVE-2011-1163 Linux Kernel是Linux操作系统的内核。 Linux Kernel在fs/partitions/osf.c的实现上存在信息泄露漏洞,本地攻击者可利用此漏洞从堆内存获取敏感信息。 自动验证存储设备的OSF分区表的代码中存在缓冲区溢出错误 Linux kernel 2.6.x OpenVZ Project OpenVZ 028stab091.1 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.org/...
kernel: fs/partitions: Corrupted OSF partition table infoleak
The osfpartition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing...
Debian DSA-2264-1 : linux-2.6 - privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-2524 David Howells reported an issue in the Common...
[SECURITY] [DSA 2240-1] linux-2.6 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-2240-1 [email protected] http://www.debian.org/security/ dann frazier May 24, 2011 http://www.debian.org/security/faq -...