CVE-2017-10906
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
CVE-2017-10906
Summary: CVE-2017-10906 is a Fluentd escape sequence injection vulnerability. Affects Fluentd releases 0.12.29–0.12.40, where the filter_parser.rb:filter_stream path can lead to arbitrary command execution or terminal UI changes via unspecified log-processing vectors. Root cause: escape sequence ...
CVE-2017-11019
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the fd allocated during the getmetadata was not closed even though the buffer allocated to the fd was freed. This resulted in a failure during exit sequence...
CVE-2017-16544
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code...
Debian DSA-4031-1 : ruby2.3 - security update
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-0898: aerodudrizzt reported a buffer underrun vulnerability in the sprintf method of the Kernel module resulting in...
[SECURITY] [DSA 4031-1] ruby2.3 security update
Debian Security Advisory DSA-4031-1 https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2017 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4031-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Linux kernel local denial of service vulnerability (CNVD-2017-33091)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A local denial of service vulnerability exists in the sound/core/seq_device.c file in versions of Linux kernel prior to 4.13.4. A local attacker can exploit this vulnerability ...
UBUNTU-CVE-2017-16528
sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device...
Ruby mail gem command injection vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. mail gem is one of the e-mail processing libraries. A command injection vulnerability exists in Ruby mail gem versions prior to 2.5.5. The vulnerability c...
CVE-2015-0224
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203...
Design/Logic Flaw
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203...
PT-2017-6436 · Apache · Apache Qpid
Name of the Vulnerable Software and Affected Versions: Apache Qpid versions 0.30 and earlier Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a crafted protocol sequence set. This problem exists due to an incomplete fix for a...
Amazon Linux AMI : ruby24 (ALAS-2017-915)
Arbitrary heap exposure during a JSON.generate call: Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte,...
USN-3464-1 wget vulnerabilities
Antti Levomäki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2017-13089, CVE-2017-13090 Dawid Golunski...
Medium: ruby24
Issue Overview: Arbitrary heap exposure during a JSON.generate call: Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a...