484 matches found

Apache Httpd
added 2016/11/18 12:0 a.m. | 43 views

Apache Httpd < 2.4.26 : mod_http2 Null Pointer Dereference

A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process...

CVSS 7.5 | AI score 0.8 | EPSS 0.53939
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2016/11/03 12:0 a.m. | 31 views

Debian DSA-3703-1 : bind9 - security update

Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...

CVSS 7.5 | AI score 7.4 | EPSS 0.52537
Exploits: 0 | References: 4

Packet Storm
added 2016/09/12 12:0 a.m. | 540 views

MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution

============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-6662 - Release date: 12.09.2016 - Severity: Critical ============================================= I. VULNERABILITY ------------------------- MySQL = 5.7....

CVSS 10 | AI score 8.2 | EPSS 0.6773
Exploits: 21

Mageia
added 2016/07/05 3:47 p.m. | 27 views

Updated iperf packages fix security vulnerability

A malicious process can connect to an iperf server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash and a denial of service, or theoretically a remote code execution as the user running the iperf server. A malicious iperf...

CVSS 9.8 | AI score 2.3 | EPSS 0.06833
Exploits: 2 | References: 3

OpenVAS
added 2016/02/05 12:0 a.m. | 28 views

Ubuntu: Security Advisory (USN-2883-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3.7 | AI score 6.3 | EPSS 0.83645
Exploits: 1 | References: 2

ArchLinux
added 2015/07/12 12:0 a.m. | 47 views

krb5: multiple issues

CVE-2014-5355 (denial of service): When a server process uses the krb5_recvauth function, an unauthenticated remote attacker can cause a NULL dereference by sending a zero-byte version string, or a read beyond the end of allocated storage by sending a non-null-terminated version string. The example...

CVSS 5.8 | AI score 2.4 | EPSS 0.04587
Exploits: 0 | References: 5

RedHat Linux
added 2015/06/04 6:51 p.m. | 4 views

Low: Red Hat Enhancement Advisory: Red Hat JBoss Enterprise Application Platform 6.4.1 update on RHEL 5

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.1, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server...

CVSS 5.9 | AI score 6.3 | EPSS 0.01716
Exploits: 1 | References: 8

Tenable Nessus
added 2015/05/26 12:0 a.m. | 23 views

Debian DSA-3271-1 : nbd - security update

Tuomas Rasanen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service. Tuomas Rasanen also discovered that the modern-style negotiation was carried...

CVSS 7.8 | AI score 5.4 | EPSS 0.03644
Exploits: 0 | References: 7

Check Point Advisories
added 2015/03/10 12:0 a.m. | 0 views

MC-SQLR Reflected Denial of Service

The SQL Server Resolution Protocol (MC-SQLR) is an application-layer request/response protocol that facilitates connectivity to a database server. The MC-SQLR server may be vulnerable to reflected DDoS attacks, due to its inability to handle a large number of incoming requests within a short period...

AI score 3.3
Exploits: 0

WPVulnDB
added 2015/02/22 12:0 a.m. | 22 views

Holding Pattern Theme <= 0.6 - Arbitrary File Upload

An attacker can exploit this vulnerability to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation. Disclosure timeline: 2015-01-14 Vendor Alerted via email. 2015-01-14 Fix Requested via email. 2015-01-14...

CVSS 7.5 | AI score 1.7 | EPSS 0.59254
Exploits: 6 | References: 2 | Affected Software: 1

ArchLinux
added 2014/11/28 12:0 a.m. | 27 views

icecast: information leak

It was reported that Icecast could possibly leak the contents of on-connect scripts to clients, which may contain sensitive information. If on-connect/on-disconnect scripts are used, file descriptors of the server process remain open and could be written to or read from. Most pressing STDIN,...

CVSS 5 | AI score 0.1 | EPSS 0.02965
Exploits: 1 | References: 5

RedHat Linux
added 2014/11/10 7:26 p.m. | 40 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Web Platform 5.2.0 security update

Updated packages for Red Hat JBoss Enterprise Web Platform 5.2.0 that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which...

CVSS 5.8 | AI score 6.4 | EPSS 0.09149
Exploits: 1 | References: 4

Check Point Advisories
added 2014/11/06 12:0 a.m. | 0 views

LibVNCServer scale.c rfbSendNewScaleSize Use After Free

A use-after-free vulnerability has been found in LibVNCServer. The vulnerability is due to an issue with processing wrt scaling messages. A remote attacker can exploit this vulnerability by sending a wrt scaling message and terminating the connection before receiving server's response. Successful...

AI score 3
Exploits: 0

Check Point Advisories
added 2014/10/23 12:0 a.m. | 1 views

PowerDNS Recursor Denial of Service (CVE-2014-3614)

A denial-of-service vulnerability has been found in PowerDNS Recursor. The vulnerability is due to insufficient validation of DNS queries. A remote unauthenticated attacker could exploit this vulnerability by sending maliciously crafted DNS queries to a vulnerable server. Successful exploitation...

CVSS 5 | AI score 6.2 | EPSS 0.06023
Exploits: 0

Cisco
added 2014/09/09 2:17 p.m. | 27 views

Cisco IOS XR Software DHCPv6 Denial of Service Vulnerability

A vulnerability in the DHCP version 6 (DHCPv6) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the DHCPv6 server process on an affected device to crash. The vulnerability is due to incorrect handling of malformed DHCPv6 packets. An attacker could exploit this...

CVSS 4.3 | AI score 6.3 | EPSS 0.022
Exploits: 0 | References: 1

exploitpack
added 2014/08/08 12:0 a.m. | 13 views

VoipSwitch - user.php Local File Inclusion

VoipSwitch - user.php Local File Inclusion source: https://www.securityfocus.com/bid/69109/info VoipSwitch is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scrip...

AI score 7.4
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

ezUpload 2.2 index.php path Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/14534/info ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues ...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 10 views

ezUpload 2.2 initialize.php path Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/14534/info ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues ...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Half-Life StatsMe 2.6.x Plug-in CMD_ARGV Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6575/info The Half-Life StatsMe plug-in is prone to an exploitable buffer overflow condition. This issue may be exploited by an attacker who can authenticate with the rcon-password of the Half-Life server to execute...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 19 views

ezUpload 2.2 form.php path Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/14534/info ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues ...

AI score 7.1
Exploits: 0