3355 matches found
augeas security update
1.4.0-2.el74.1 - Fix CVE-2017-7555, improper handling of escaped strings RHBZ1481545...
CVE-2014-8170
CVE-2014-8170 affects ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3. The issue stems from ovirt_safe_delete_config in ovirtfunctions.py (and other locations) not properly quoting input strings, enabling arbitrary command execution when a semicolon is included in...
Trend Micro Control Manager CCGIServlet HighRiskDetectionResult SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...
augeas: Improper handling of escaped strings leading to memory corruption
A vulnerability was discovered in augeas affecting the handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution...
Important: Red Hat Security Advisory: augeas security update
An update for augeas is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Regular Expression Denial Of Service (ReDoS)
debug is vulnerable to Regular Expression Denial Of Service ReDoS. The regular expression is used to map %o to util.inspect can take awhile for long strings, hanging an application...
Ruby Security Bypass Vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A security vulnerability exists in the Basic authentication code of the WEBrick library in Ruby versions prior to 2.2.8, 2.3.x prior to 2.3.5, and 2.4.x...
InsideSecure MatrixSSL x509 certificate General Names Information Disclosure Vulnerability(CVE-2017-2782)
Summary An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a...
CVE-2017-14166
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...
PT-2017-4100
Name of the Vulnerable Software and Affected Versions moment versions prior to 2.19.3 Description The issue is related to a regular expression denial of service via a crafted date string. It allows a remote attacker to cause a denial of service. The vulnerability is associated with an uncontrolle...
Heap overflow
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...
DEBIAN-CVE-2017-14166
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...
CVE-2017-14166
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...
CVE-2017-14166
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...
CVE-2017-14166
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...
The vulnerability of the SIP component of the Android operating system from the CAF repository, which allows a attacker to trigger buffer overflows.
The vulnerability of the SIP component of the Android operating system from the CAF repository is related to shortcomings in string processing the absence of a zero-terminated string. Exploiting this vulnerability can allow an attacker, acting remotely, to cause buffer overflows...
USN-3407-1 pyjwt vulnerability
It was discovered that a vulnerability in PyJWT doesn't check invalidstrings properly for some public keys. A remote attacker could take advantage of a key confusion to craft JWTs from scratch...
WireX DDoS Botnet: An Army of Thousands of Hacked Android SmartPhones
Do you believe that just because you have downloaded an app from the official app store, you're safe from malware? Think twice before believing it. A team of security researchers from several security firms have uncovered a new, widespread botnet that consists of tens of thousands of hacked Andro...
MGASA-2017-0306 Updated augeas packages fix security vulnerability
A vulnerability was discovered in augeas affecting the handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution CVE-2017-7555...
PYSEC-2017-24
In PyJWT 1.5.0 and below the invalidstrings check in HMACAlgorithm.preparekey does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...