
67 matches found

Veracode
added 2018/11/09 6:24 a.m. | 25 views

Information Disclosure

catalina is vulnerable to information disclosure attacks. The vulnerability exists due to the way catalina processes parameters after an exception occurs, allowing sensitive information to be revealed...

CVSS 5.8 | AI score 4.3 | EPSS 0.04362
Exploits 0 | References 25 | Affected Software 18
Prion
added 2018/06/20 4:29 p.m. | 15 views

Command injection

On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...

CVSS 9 | AI score 7.3 | EPSS 0.12376
Exploits 1 | References 4 | Affected Software 1
Hacker One
added 2018/01/21 4:7 p.m. | 20 views

Keybase: Difference in query string parameter processing between Hacker News and Keybase Chrome extension spawns chat to incorrect user

Hello! When using the Keybase Chrome extension and viewing a Hacker News profile page with an additional id parameter in the query string, Hacker News uses the username from the first id parameter, whereas the Keybase extension uses the username from the second id parameter. Example URL:...

AI score 1
Exploits 0
Prion
added 2017/11/22 7:29 p.m. | 10 views

Privilege escalation

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges...

CVSS 7.5 | AI score 9.8 | EPSS 0.00224
Exploits 0 | References 1 | Affected Software 1
CVE
added 2017/11/22 7:0 p.m. | 53 views

CVE-2017-8129

CVE-2017-8129 affects Huawei UMA products (software V200R001 and V300R001). The vulnerability is a privilege-elevation issue caused by insufficient validation/improper processing of parameters, enabling an attacker to craft specific packets to gain elevated privileges. Public details include CVSS...

CVSS 9.8 | AI score 9.7 | EPSS 0.00224
Exploits 0 | References 1 | Affected Software 1
CVE
added 2017/11/22 7:0 p.m. | 48 views

CVE-2017-8128

CVE-2017-8128 affects Huawei UMA product in versions V200R001 and V300R001. Root cause: insufficient validation or improper processing of parameters leading to privilege elevation. Attackers could craft specific packets to gain elevated privileges. From the provided data, the CVSS metrics indicat...

CVSS 9.8 | AI score 9.7 | EPSS 0.00224
Exploits 0 | References 1 | Affected Software 1
OPENSUSE Linux
added 2017/02/19 6:8 p.m. | 93 views

Security update for java-1_7_0-openjdk (important)

This update for java-1_7_0-openjdk fixes the following issues: - Oracle Critical Patch Update of January 2017 to OpenJDK 7u131 bsc1020905: Security Fixes - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution -...

CVSS 6.8 | AI score 6.9 | EPSS 0.7287
Exploits 13 | References 1
OSV
added 2017/01/31 4:25 p.m. | 7 views

SUSE-SU-2017:0346-1 Security update for java-1_8_0-openjdk

This update for java-1_8_0-openjdk fixes the following issues: Oracle Critical Patch Update of January 2017 bsc1020905 Upgrade to version jdk8u121 icedtea 3.3.0: - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution...

CVSS 9.6 | AI score 7.2 | EPSS 0.7287
Exploits 13 | References 17
Tenable Nessus
added 2016/08/17 12:0 a.m. | 53 views

openSUSE Security Update : OpenJDK7 (openSUSE-2016-982)

Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection domains under Javax custom policy - S8148872, CVE-2016-3500:...

CVSS 9.6 | AI score 6.9 | EPSS 0.07521
Exploits 0 | References 23
Tenable Nessus
added 2016/08/16 12:0 a.m. | 283 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)

This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection...

CVSS 9.6 | AI score 6.8 | EPSS 0.07521
Exploits 0 | References 25
Tenable Nessus
added 2016/08/12 12:0 a.m. | 33 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)

This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection...

CVSS 9.6 | AI score 6.8 | EPSS 0.07521
Exploits 0 | References 23
OPENSUSE Linux
added 2016/08/11 11:13 p.m. | 56 views

Security update for java-1_7_0-openjdk (important)

This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection domai...

CVSS 9.3 | AI score 8 | EPSS 0.07521
Exploits 0 | References 14
OPENSUSE Linux
added 2016/08/11 11:10 p.m. | 58 views

Security update for java-1_8_0-openjdk (important)

This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u101 icedtea 3.1.0 - New in release 3.1.0 2016-07-25: Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 -...

CVSS 9.3 | AI score 7.8 | EPSS 0.07521
Exploits 0 | References 16
OPENSUSE Linux
added 2016/08/11 11:8 p.m. | 74 views

Security update for java-1_7_0-openjdk (important)

This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection domai...

CVSS 9.3 | EPSS 0.07521
Exploits 0 | References 12
Tenable Nessus
added 2016/08/08 12:0 a.m. | 43 views

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)

This update for java-1_8_0-openjdk fixes the following issues : - Upgrade to version jdk8u101 icedtea 3.1.0 - New in release 3.1.0 2016-07-25 : - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking boo989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only boo989734 -...

CVSS 9.6 | AI score 6.8 | EPSS 0.07521
Exploits 0 | References 28
0day.today
added 2014/01/23 12:0 a.m. | 28 views

Collabtive 1.x Multiple vulnerabilities

The vulnerability allows a remote user to execute arbitrary SQL commands in the application's database. 1. The vulnerability exists due to insufficient sanitization of input data in the HTTP POST parameter "name" in managetask.php, managemilestone.php and manageproject.php when "action" is set to "edit"...

AI score 7.6
Exploits 0
exploitpack
added 2009/05/05 12:0 a.m. | 10 views

Git 1.6.3 - Parameter Processing Remote Denial of Service

Git 1.6.3 - Parameter Processing Remote Denial of Service source: https://www.securityfocus.com/bid/35338/info Git is prone to a denial-of-service vulnerability because it fails to properly handle some client requests. Attackers can exploit this issue to cause a daemon process to enter an infinit...

AI score 0.4
Exploits 0
Tenable Nessus
added 2008/04/17 12:0 a.m. | 33 views

GLSA-200804-10 : Tomcat: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200804-10 Tomcat: Multiple vulnerabilities The following vulnerabilities were reported: Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web application to add or...

CVSS 6.4 | AI score 5.6 | EPSS 0.81599
Exploits 5 | References 6
RedHat Linux
added 2008/04/02 8:44 p.m. | 4 views

Tomcat information disclosure vulnerability

Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the...

CVSS 5.8 | AI score 6.1 | EPSS 0.04362
Exploits 0 | References 4
RedHat Linux
added 2008/04/02 8:42 p.m. | 3 views

Tomcat information disclosure vulnerability

Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the...

CVSS 5.8 | AI score 6.1 | EPSS 0.04362
Exploits 0 | References 4