Lucene search
K

126 matches found

Slackware Linux
Slackware Linux
added 2016/09/21 10:33 p.m.28 views

[slackware-security] irssi

New irssi packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/irssi-0.8.20-i586-1slack14.2.txz: Upgraded. This update fixes two remote crash and heap corruption...

7.5CVSS8.1AI score0.04707EPSS
Exploits2
Mozilla
Mozilla
added 2016/01/26 12:0 a.m.43 views

Out of Memory crash when parsing GIF format images — Mozilla

Security researcher Gustavo Grieco reported an out of memory crash when loading maliciously crafted GIF format images. Investigation of the issue determined that the root cause was an error in image parsing code during deinterlacing, leading to a potential integer overflow...

6.5CVSS7.8AI score0.01791EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/01/22 12:0 a.m.52 views

CentOS 5 / 7 : java-1.7.0-openjdk (CESA-2016:0054) (SLOTH)

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

10CVSS7.8AI score0.14714EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2016/01/21 12:0 a.m.308 views

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20160120) (SLOTH)

An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...

10CVSS8.1AI score0.14714EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2016/01/14 12:0 a.m.33 views

Mageia: Security Advisory (MGASA-2016-0013)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.8AI score0.28167EPSS
Exploits43References5
Hacker One
Hacker One
added 2015/12/21 2:43 p.m.20 views

Coinbase: Potential for Double Spend via Sign Message Utility

Hi, There is an unlikely but theoretically exploitable vulnerability is caused by allowing users to sign messages with their addresses. So far I have not been able to exploit this, but I believe that it is exploitable. On coinbse.com, the user can see a list of their addresses here. When they cli...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/11/10 12:0 a.m.27 views

FreeBSD : powerdns -- Denial of Service (56665ccb-8723-11e5-9b13-14dae9d210b8)

PowerDNS reports : A bug was found using afl-fuzz in our packet parsing code. This bug, when exploited, causes an assertion error and consequent termination of the the pdnsserver process, causing a Denial of Service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

5CVSS5.2AI score0.67456EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/07/23 12:0 a.m.68 views

Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)

According to its self-reported version number, the Puppet Enterprise application running on the remote host is 3.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities : - An XML external entity injection XXE flaw exists in the Apache ActiveMQ component due to a faulty...

9.8CVSS7.6AI score0.9986EPSS
Exploits3References20
OSV
OSV
added 2015/06/13 12:0 a.m.52 views

DSA-3287-1 openssl - security update

Bulletin has no description...

7.5CVSS6.7AI score0.9986EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2015/05/19 12:0 a.m.289 views

Apache Tomcat 8.0.x < 8.0.21 Multiple Vulnerabilities (FREAK)

According to its self-reported version number, the Apache Tomcat server listening on the remote host is 8.0.x prior to 8.0.21. It is, therefore, affected by the following vulnerabilities : - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is...

6.8CVSS7.4AI score0.98685EPSS
Exploits0References20
OSV
OSV
added 2015/03/19 12:0 a.m.45 views

DSA-3197-1 openssl - security update

Bulletin has no description...

7.5CVSS6.8AI score0.44503EPSS
Exploits1
Debian
Debian
added 2015/03/17 3:35 p.m.33 views

[SECURITY] [DLA 175-1] gnupg security update

Package : gnupg Version : 1.4.10-4+squeeze7 CVE ID : CVE-2014-3591 CVE-2015-0837 CVE-2015-1606 Debian Bug : 778652 Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by...

5.9CVSS6.6AI score0.01952EPSS
Exploits0
OpenVAS
OpenVAS
added 2015/03/12 12:0 a.m.28 views

Debian Security Advisory DSA 3184-1 (gnupg - security update)

Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite...

2.6CVSS6.3AI score0.01952EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/01/26 6:10 p.m.77 views

Important: Red Hat Security Advisory: java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

10CVSS6.8AI score0.99999EPSS
Exploits12References14
RedHat Linux
RedHat Linux
added 2015/01/20 10:38 p.m.65 views

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

10CVSS6.8AI score0.99999EPSS
Exploits12References14
Check Point Advisories
Check Point Advisories
added 2014/08/09 12:0 a.m.2 views

Oracle Java SE GSUB FeatureCount Buffer Overflow

A heap buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to the font parsing code failing to check the "FeatureCount" value of the GSUB table used in controlling heap memory allocation. A remote unauthenticated attacker can exploit this vulnerability by persuading user...

4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

CREAR ALMail32 1.10 Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/574/info The ALMail32 POP3 client conatins unchecked buffers in the header parsing code. An abnormally long FROM: or TO: field in the header of an incoming email will overwrite the buffer and allow arbitrary code to be...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

IRIX 6.5.x gr_osview Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1526/info Under certain versions of IRIX, the 'grosview' command contains a buffer overflow that local attackers can exploit to gain root privileges. The grosview command produces a graphical display of memory-management...

7.1AI score
Exploits0
myhack58
myhack58
added 2014/04/17 12:0 a.m.17 views

Windows XP Registry Editor buffer overflow vulnerability-vulnerability warning-the black bar safety net

Windows XP Registry Editor buffer overflow vulnerability 漏洞 文件 regedit.exe Version: 5.1.2600.5512 Test environment is win xp sp3 ! Resolve issues, resulting in buffer overflow vulnerabilities. the poc structure is very simple. I was thus constructed. 1 free to find a registry, 打开注册表项搜索Notepad.exe...

2.5AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2014/04/10 12:0 a.m.54 views

WellinTech KingScada AEserver.exe Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingScada. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code contained in kxNetDispose.dll. The parent service is...

10CVSS7.3AI score0.1602EPSS
Exploits5References1
Rows per page
Query Builder