29 matches found

Tenable Nessus
added 2022/02/22 12:0 a.m. | 64 views

RHEL 7 : openldap (RHSA-2022:0621)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0621 advisory. OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocol...

CVSS 7.5 | AI score 7.6 | EPSS 0.02858
Exploits 0 | References 7
UbuntuCve
added 2017/07/25 12:0 a.m. | 33 views

CVE-2017-11628

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input...

CVSS 7.8 | AI score 7.3 | EPSS 0.03365
Exploits 0 | References 3
Tenable Nessus
added 2016/11/29 12:0 a.m. | 47 views

Ubuntu 14.04 LTS / 16.04 LTS : Vim vulnerability (USN-3139-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3139-1 advisory. Florian Larysch discovered that the Vim text editor did not properly validate values for the 'filetype', 'syntax', and 'keymap' options. An attacker...

CVSS 7.8 | AI score 7 | EPSS 0.25504
Exploits 2 | References 2
OSV
added 2016/11/23 12:0 a.m. | 1 views

UBUNTU-CVE-2016-1248

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened...

CVSS 7.8 | AI score 7.1 | EPSS 0.25504
Exploits 2 | References 8
OSV
added 2016/11/22 12:0 a.m. | 16 views

DLA-718-1 vim - security update

Bulletin has no description...

CVSS 7.8 | AI score 7.7 | EPSS 0.25504
Exploits 2
Hacker One
added 2016/04/15 11:1 a.m. | 21 views

Gratipay: Submit a non valid syntax email

At https://gratipay.com/USER/emails/ you can submit a non valid email. To do it you only need to change type="email" in type="text", you are using a filter, but special chars pass through, as you can see in the screenshots...

AI score 0.8
Exploits 0
Tenable Nessus
added 2014/12/17 12:0 a.m. | 20 views

Debian DSA-3104-1 : bsd-mailx - security update

It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also...

CVSS 7.8 | AI score 7.3 | EPSS 0.06858
Exploits 1 | References 4
Tenable Nessus
added 2014/12/17 12:0 a.m. | 39 views

Debian DSA-3105-1 : heirloom-mailx - security update

Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the 'mail' command:
- CVE-2004-2771: mailx interprets shell meta-characters in certain email addresses.
- CVE-2014-7844: An unexpected feature of mailx treats syntactically valid email addresses as shell commands ...

CVSS 7.8 | AI score 7.5 | EPSS 0.06858
Exploits 1 | References 6
CERT
added 2002/09/14 12:0 a.m. | 14 views

Jakarta Tomcat serves JSP source code when supplied malformed HTTP request

Overview: Tomcat does not adequately validate HTTP requests and may reveal JSP source code if supplied a malformed HTTP request. Description: JavaServer Pages (JSP) is a technology that allows for the creation of dynamic web content. The Apache Jakarta Project implementation of JSP is known as Tomcat...

AI score 7.1
Exploits 0 | References 1