
5543 matches found

Prion
added 2015/06/01 7:59 p.m. | 13 views

Input validation

filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression...

CVSS 6.8 | AI score 6.5 | EPSS 0.0224
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2015/06/01 7:0 p.m. | 58 views

CVE-2015-2268

CVE-2015-2268 affects Moodle’s filter/urltolink/filter.php across multiple branches (2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, 2.8.x prior to 2.8.4). The vulnerability allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string ...

CVSS 6.8 | AI score 5.9 | EPSS 0.0224
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2015/05/25 3:25 a.m. | 4 views

chromium-browser: Sandbox escape in Chrome.

common/partialcircularbuffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data,...

CVSS 7.5 | AI score 7.4 | EPSS 0.01701
Exploits: 0 | References: 5

CNVD
added 2015/05/21 12:0 a.m. | 3 views

Google Chrome Buffer Overflow Vulnerability (CNVD-2015-03355)

Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in the Google Chrome 'common/partialcircularbuffer.cc' file because the program fails to handle encapsulation properly. A remote attacker can exploit this vulnerability by a large number of...

CVSS 7.5 | AI score 6.9 | EPSS 0.01701
Exploits: 0 | References: 1

OSV
added 2015/05/20 10:59 a.m. | 0 views

UBUNTU-CVE-2015-1252

common/partialcircularbuffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data,...

CVSS 7.5 | AI score 7.3 | EPSS 0.01701
Exploits: 0 | References: 5

Cisco
added 2015/05/14 4:38 p.m. | 28 views

Cisco Wide Area Application Services Server Message Block Protocol Module Denial of Service Vulnerability

A vulnerability in the Server Message Block Protocol (SMB) module of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a reload of the SMB module. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...

CVSS 5 | AI score 6.3 | EPSS 0.01456
Exploits: 0 | References: 1

Tenable Nessus
added 2015/05/12 12:0 a.m. | 437 views

MS15-048: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)

The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities : - A denial of service vulnerability exists in the Microsoft .NET Framework due to a recursion flaw that occurs when decrypting XML data. A remote attacker can exploit this,...

CVSS 9.3 | AI score 5.6 | EPSS 0.17501
Exploits: 0 | References: 3

Tenable Nessus
added 2015/04/28 12:0 a.m. | 40 views

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-332)

OpenJDK was updated to jdk8u45-b14 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0459: 2D: unauthenticated remote attackers could execute...

CVSS 10 | AI score 6.2 | EPSS 0.07224
Exploits: 0 | References: 14

Tenable Nessus
added 2015/04/28 12:0 a.m. | 48 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2015-331)

OpenJDK was updated to 2.5.5 - OpenJdk 7u79 to fix security issues and bugs : The following vulnerabilities were fixed : - CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. - CVE-2015-0459: 2D: unauthenticated remote attackers could...

CVSS 10 | AI score 6.2 | EPSS 0.07224
Exploits: 0 | References: 12

OPENSUSE Linux
added 2015/04/27 1:5 p.m. | 49 views

Security update for java-1_8_0-openjdk (important)

OpenJDK was updated to jdk8u45-b14 to fix security issues and bugs. The following vulnerabilities were fixed: CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. CVE-2015-0459: 2D: unauthenticated remote attackers could execute arbitrar...

CVSS 10 | AI score 7.4 | EPSS 0.07224
Exploits: 0 | References: 1

OSV
added 2015/04/23 2:27 p.m. | 6 views

SUSE-SU-2015:0789-1 Security update for java-1_7_0-openjdk, java-1_7_0-openjdk-bootstrap

OpenJDK was updated to 2.5.5 - OpenJdk 7u79 to fix security issues and bugs: The following vulnerabilities were fixed: CVE-2015-0458: Deployment: unauthenticated remote attackers could execute arbitrary code via multiple protocols. CVE-2015-0459: 2D: unauthenticated remote attackers could execute...

CVSS 10 | AI score 7.9 | EPSS 0.07224
Exploits: 0 | References: 13

OSV
added 2015/04/01 2:59 p.m. | 1 views

DEBIAN-CVE-2015-2751

Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations...

CVSS 7.1 | AI score 8.3 | EPSS 0.02278
Exploits: 0 | References: 1

OSV
added 2015/04/01 2:59 p.m. | 1 views

UBUNTU-CVE-2015-2751

Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations...

CVSS 7.1 | AI score 7.3 | EPSS 0.02278
Exploits: 0 | References: 3

Oracle linux
added 2015/03/09 12:0 a.m. | 89 views

openssh security, bug fix and enhancement update

6.6.1p1-11 + 0.9.3-9 - fix direction in CRYPTOSESSION audit message 1171248 6.6.1p1-10 + 0.9.3-9 - add new option GSSAPIEnablek5users and disable using /.k5users by default CVE-2014-9278 1169843 6.6.1p1-9 + 0.9.3-9 - log via monitor in chroots without /dev/log 1083482 6.6.1p1-8 + 0.9.3-9 - increa...

CVSS 5.8 | AI score 0.8 | EPSS 0.01979
Exploits: 1

OSV
added 2015/02/19 11:59 a.m. | 1 views

DEBIAN-CVE-2014-9421

The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service use-after-free and...

CVSS 9 | AI score 7.5 | EPSS 0.06213
Exploits: 0 | References: 1

seebug.org
added 2014/10/10 12:0 a.m. | 33 views

Kolibri Webserver 2.0 Buffer Overflow with EMET 5.0 and EMET 4.1 Partial Bypass

No description provided by source. !/bin/python import socket, sys, re Exploit Title: Kolibri POST Buffer overflow with EMET 5.0 and EMET 4.1 Partial Bypass Date: September 30th 2014 Author: tekwizz123 Vendor Homepage: http://www.senkas.com Software Download:...

CVSS 5.8 | AI score 9.2 | EPSS 0.12021
Exploits: 13

OSV
added 2014/10/08 5:55 p.m. | 3 views

UBUNTU-CVE-2014-6394

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory...

CVSS 7.5 | AI score 5.8 | EPSS 0.04257
Exploits: 1 | References: 3

Fedora
added 2014/10/06 5:6 a.m. | 24 views

[SECURITY] Fedora 20 Update: nodejs-send-0.3.0-4.fc20

Send is Connect's static extracted for generalized use, a streaming static file server supporting partial responses (Ranges), conditional-GET negotiation, high test coverage, and granular events which may be leveraged to take appropriate actions in your application or framework...

CVSS 7.5 | AI score 1.9 | EPSS 0.04257
Exploits: 1

OSV
added 2014/09/15 12:26 p.m. | 2 views

USN-2346-1 curl vulnerabilities

Tim Ruehsen discovered that curl incorrectly handled partial literal IP addresses. This could lead to the disclosure of cookies to the wrong site, and malicious sites being able to set cookies for others. CVE-2014-3613 Tim Ruehsen discovered that curl incorrectly allowed cookies to be set for Top...

CVSS 5 | AI score 6.6 | EPSS 0.07432
Exploits: 0 | References: 3

curl security advisories
added 2014/09/10 8:0 a.m. | 5 views

cookie leak with IP address as domain

By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. For this problem to trigger, the client application...

CVSS 5 | AI score 7.3 | EPSS 0.07432
Exploits: 0 | Affected Software: 2