UBUNTU-CVE-2017-7963
The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely...
PT-2017-18030 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions through 7.1.4 Description: The issue allows attackers to cause a denial of service via operations on long strings, resulting in memory consumption and application crash. The vendor disputes this, stating that GMP safely aborts in...
Dmitry 1.3a - Local Buffer Overflow (PoC)
Dmitry 1.3a - Local Buffer Overflow PoC Exploit Title: DmitryDeepmagic Information Gathering Tool Local Stack Buffer Overflow CVE: CVE-2017-7938 CWE: CWE-119 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: http://mor-pah.net/software/dmitry-deepmagic-information-gathering-tool/ Versio...
SUSE-SU-2017:0948-1 Security update for ruby
This update for ruby fixes the following issues: Security issues fixed: - CVE-2015-1855: Ruby OpenSSL Hostname Verification bsc926974 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 Bugfixes: - fix small mistake in the backport for bsc986630...
The vulnerability of the library that handles system calls and core functions of glibc allows an attacker to cause a service failure or execute arbitrary code.
The vulnerability of the strxfrm function in the library, which handles system calls and core glibc functions, is due to a numerical overflow. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code using a long string...
USN-3253-1: Nagios vulnerabilities
It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2013-7108, CVE-2013-7205 It was discovered that Nagios incorrectly...
USN-3253-1 nagios3 vulnerabilities
It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2013-7108, CVE-2013-7205 It was discovered that Nagios incorrectly...
CVE-2017-7210
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads of size 1 and size 8 while handling corrupt STABS enum type strings in a crafted object file, leading to program crash...
Heap overflow
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2lin...
glibc: Unbounded stack allocation in nan* functions
A stack overflow vulnerability was found in nan functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code...
CVE-2017-7210
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads of size 1 and size 8 while handling corrupt STABS enum type strings in a crafted object file, leading to program crash...
UBUNTU-CVE-2017-7210
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads of size 1 and size 8 while handling corrupt STABS enum type strings in a crafted object file, leading to program crash...
Ubuntu 14.04 LTS / 16.04 LTS : libxml2 vulnerabilities (USN-3235-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3235-1 advisory. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafte...
Dashbuilder: insecure handling of CSRF token
It has been reported that CSRF tokens are not properly handled in JBoss BPM suite dashbuilder. Old tokens generated during an active session can be used to bypass CSRF protection. In addition, the tokens are sent in query string so they can be exposed through the browser's history, referrers, web...
USN-3235-1: libxml2 vulnerabilities
It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS...
Fedora 24 : gnome-boxes (2017-42df4eeb59)
gnome-boxes 3.20.4 release, fixing a possible security issue with storing the express installation password in clear text. - Store the user password in the keyring during an express installation. - Fix typo in debug string. - Fix printf format strings. Note that Tenable Network Security has...
Medium: openldap
Issue Overview: A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. Affected Packages: openldap Issue Correction: Run yum update openldap or yum update --advisory ALAS-2017-799 to updat...
Fedora 25 : gnome-boxes (2017-fc0140d4c5)
gnome-boxes 3.22.4 release, fixing a possible security issue with storing the express installation password in clear text. - Store the user password in the keyring during an express installation. - Fix typo in debug string in vm-configurator. - Fix printf format strings in the selectiontoolbar...
Ubuntu 14.04 LTS / 16.04 LTS : Irssi vulnerabilities (USN-3184-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3184-1 advisory. It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's...
USN-3184-1: Irssi vulnerabilities
It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. CVE-2016-7553 Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi t...