Lucene search
+L

2302 matches found

Tenable Nessus
Tenable Nessus
added 2016/06/01 12:0 a.m.39 views

openSUSE Security Update : libxml2 (openSUSE-2016-662)

libxml2 was updated to fix security issues and a regression from the last version update. Security issues fixed : - CVE-2016-3627: Fixed stack exhaustion while parsing certain XML files in recovery mode bnc972335. - CVE-2016-3705: Improved protection against the Billion Laughs Attack bnc975947...

7.5CVSS6.8AI score0.07025EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2016/06/01 12:0 a.m.33 views

openSUSE Security Update : ntp (openSUSE-2016-649)

This update for ntp fixes the following issues : - Update to 4.2.8p7 boo977446 : - CVE-2016-1547, boo977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. - CVE-2016-1548, boo977461: Interleave-pivot - CVE-2016-1549, boo977451: Sybil vulnerability: ephemeral association attack. - CVE-2016-1550,...

9.8CVSS6.9AI score0.81762EPSS
Exploits20References76
Tenable Nessus
Tenable Nessus
added 2016/05/26 12:0 a.m.64 views

Ubuntu 14.04 LTS : GNU C Library vulnerabilities (USN-2985-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2985-1 advisory. Martin Carpenter discovered that ptchown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain...

9.8CVSS8.4AI score0.07629EPSS
Exploits6References12
Mageia
Mageia
added 2016/05/21 10:11 p.m.30 views

Updated jansson packages fix CVE-2016-4425

Updated jansson packages fix security vulnerability: Gustavo Grieco discovered that jansson did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service crash via stack exhaustion, using crafted JSON data CVE-2016-4425...

7.5CVSS4.9AI score0.01894EPSS
Exploits0References2
OSV
OSV
added 2016/05/18 12:36 p.m.8 views

SUSE-SU-2016:1344-1 Security update for wireshark

This update to Wireshark 1 12.11 fixes a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - The PKTC dissector could crash wnpa-sec-2016-22...

7.1CVSS5.5AI score0.03104EPSS
Exploits0References7
Debian
Debian
added 2016/05/17 10:46 p.m.72 views

[SECURITY] [DLA 477-1] librsvg security update

Package : librsvg Version : 2.36.1-2+deb7u2 CVE ID : CVE-2015-7558 CVE-2016-4347 CVE-2016-4348 Note CVE-2016-4347 is a duplicate of CVE-2015-7558 Two DoS in librsvg 2.40.2 parsing SVGs with circular definitions were found they will produce stack exhaustion by Gustavo Grieco. The version in wheezy...

7.5CVSS7.8AI score0.02427EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2016/05/16 12:0 a.m.17 views

PT-2016-3397 · Php +2 · Php +2

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.4.44 PHP versions 5.5.x prior to 5.5.28 PHP versions 5.6.x prior to 5.6.12 Description: The issue is related to a stack consumption problem in the Zend/zend exceptions.c component of PHP, caused by insufficient input...

10CVSS8.6AI score0.53166EPSS
Exploits108References302
Tenable Nessus
Tenable Nessus
added 2016/05/16 12:0 a.m.23 views

Debian DLA-471-1 : jansson security update

Applications that depend on Jansson, a C library for encoding, decoding and manipulating JSON data, could crash due to stack exhaustion while parsing a JSON file. This was caused due to an unlimited parsing depth when parsing JSON arrays and is now fixed by limiting the depth to 2048. For Debian ...

7.5CVSS7AI score0.01894EPSS
Exploits0References3
OSV
OSV
added 2016/05/14 12:0 a.m.15 views

DSA-3577-1 jansson - security update

Bulletin has no description...

7.5CVSS7.5AI score0.01894EPSS
Exploits0
Debian
Debian
added 2016/05/13 5:9 p.m.50 views

[SECURITY] [DLA 471-1] jansson security update

Package : jansson Version : 2.3.1-2+deb7u1 CVE ID : CVE-2016-4425 Debian Bug : 823238 Applications that depend on Jansson, a C library for encoding, decoding and manipulating JSON data, could crash due to stack exhaustion while parsing a JSON file. This was caused due to an unlimited parsing dept...

7.5CVSS7.3AI score0.01894EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/05/13 12:0 a.m.51 views

openSUSE Security Update : ntp (openSUSE-2016-578)

ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 These security issues were fixed : - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002...

7.7CVSS6.5AI score0.11887EPSS
Exploits5References32
RedHat Linux
RedHat Linux
added 2016/05/10 6:35 p.m.6 views

ntp: stack exhaustion in recursive traversal of restriction list

A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd...

7.5CVSS7.5AI score0.09985EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2016/05/09 12:0 a.m.31 views

Mageia: Security Advisory (MGASA-2016-0153)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.3AI score0.02401EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 2016/05/04 7:49 a.m.36 views

CVE-2016-3705

Missing incrementation of recursion depth counter were found in the xmlParserEntityCheck and xmlParseAttValueComplex functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack...

5CVSS4AI score0.05103EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/05/02 12:0 a.m.42 views

SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1177-1)

ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 These security issues were fixed : - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002...

7.7CVSS6.5AI score0.11887EPSS
Exploits5References45
Tenable Nessus
Tenable Nessus
added 2016/05/02 12:0 a.m.43 views

SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1175-1)

ntp was updated to version 4.2.8p6 to fix 12 security issues. These security issues were fixed : - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002. - CVE-2015-7979: Off-path Denial of Service DoS attack on authenticated...

7.7CVSS6.5AI score0.11887EPSS
Exploits5References45
FreeBSD
FreeBSD
added 2016/05/01 12:0 a.m.24 views

jansson -- local denial of service vulnerabilities

QuickFuzz reports: A crash caused by stack exhaustion parsing a JSON was found...

7.5CVSS3.4AI score0.01894EPSS
Exploits0References2
OSV
OSV
added 2016/04/28 1:46 p.m.15 views

SUSE-SU-2016:1175-1 Security update for ntp

ntp was updated to version 4.2.8p6 to fix 12 security issues. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002. - CVE-2015-7979: Off-path Denial of Service DoS attack on authenticated...

7.7CVSS6.2AI score0.11887EPSS
Exploits5References33
OSV
OSV
added 2016/04/28 1:45 p.m.11 views

SUSE-SU-2016:1177-1 Security update for ntp

ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002....

7.7CVSS6.3AI score0.11887EPSS
Exploits5References33
OSV
OSV
added 2016/04/26 6:2 p.m.10 views

MGASA-2016-0153 Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: The NCP dissector could crash CVE-2016-4076. TShark could crash due to a packet reassembly bug CVE-2016-4077. The IEEE 802.11 dissector could crash CVE-2016-4078. The PKTC dissector could crash CVE-2016-4079. The PKTC dissector could crash...

5.9CVSS5.6AI score0.02401EPSS
Exploits1References13
Rows per page
Query Builder