4521 matches found

OSV
added 2016/05/22 1:59 a.m. | 1 view

UBUNTU-CVE-2015-8866

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML...

9.6 CVSS | 7.2 AI score | 0.04026 EPSS
Exploits 1 | References 5
Cvelist
added 2016/05/22 1:0 a.m. | 23 views

CVE-2015-8878

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses...

7.3 AI score | 0.01247 EPSS
Exploits 0 | References 2
BDU FSTEC
added 2016/05/20 12:0 a.m. | 4 views

The vulnerability of the Android operating system allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the Android operating system exists due to the lack of restrictions on the number of threads. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure (memory corruption) by using a specially crafted media file...

10 CVSS | 8.2 AI score | 0.0206 EPSS
Exploits 0 | References 3 | Affected Software 1
Tenable Nessus
added 2016/05/12 12:0 a.m. | 49 views

openSUSE Security Update : php5 (openSUSE-2016-576)

This update for php5 fixes the following issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut (bsc#977003) - CVE-2016-3074: Signedness vulnerability in bundled libgd ma...

9.8 CVSS | 8.6 AI score | 0.36974 EPSS
Exploits 13 | References 12
RedHat Linux
added 2016/05/11 2:9 p.m. | 5 views

OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization...

10 CVSS | 7.4 AI score | 0.0472 EPSS
Exploits 0 | References 5
RedHat Linux
added 2016/05/09 2:4 p.m. | 3 views

OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization...

10 CVSS | 7.4 AI score | 0.0472 EPSS
Exploits 0 | References 5
OSV
added 2016/05/09 10:59 a.m. | 2 views

UBUNTU-CVE-2016-2428

libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via...

9.8 CVSS | 6.2 AI score | 0.0206 EPSS
Exploits 0 | References 4
CVE
added 2016/05/06 5:0 p.m. | 73 views

CVE-2016-2094

The vulnerability CVE-2016-2094 affects Tomcat’s HTTPS NIO Connector, where a remote attacker can cause a denial of service by opening a socket and not sending an SSL handshake, triggering a read-timeout and thread consumption. The provided documents describe the vulnerability and impact but do n...

7.5 CVSS | 7.2 AI score | 0.02646 EPSS
Exploits 0 | References 6 | Affected Software 1
Cvelist
added 2016/05/06 5:0 p.m. | 27 views

CVE-2016-2094

The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability...

7.3 AI score | 0.02646 EPSS
Exploits 0 | References 6
OSV
added 2016/05/06 7:49 a.m. | 12 views

SUSE-SU-2016:1250-1 Security update for java-1_7_0-openjdk

This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues. These security issues were fixed: - CVE-2016-0686: Ensure thread consistency (bsc#976340). - CVE-2016-0687: Better byte behavior (bsc#976340). - CVE-2016-0695: Make DSA more fair (bsc#976340). - CVE-2016-3425: Better buffering o...

10 CVSS | 9.8 AI score | 0.92334 EPSS
Exploits 1 | References 7
Tenable Nessus
added 2016/05/04 12:0 a.m. | 50 views

RHEL 7 : java-1.8.0-ibm (RHSA-2016:0716)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0716 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

10 CVSS | 7.2 AI score | 0.92334 EPSS
Exploits 1 | References 24
RedHat Linux
added 2016/05/03 6:35 p.m. | 3 views

OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization...

10 CVSS | 7.4 AI score | 0.0472 EPSS
Exploits 0 | References 5
OSV
added 2016/05/02 10:59 a.m. | 7 views

CVE-2015-4170

Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread...

4.7 CVSS | 4.8 AI score
Exploits 0 | References 9
NVD
added 2016/05/02 10:59 a.m. | 27 views

CVE-2015-4170

Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread...

4.7 CVSS | 5.1 AI score | 0.00326 EPSS
Exploits 0 | References 8
Prion
added 2016/05/02 10:59 a.m. | 18 views

Race condition

Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread...

4.7 CVSS | 6.4 AI score | 0.00326 EPSS
Exploits 0 | References 8 | Affected Software 6
RedHat Linux
added 2016/04/29 5:50 p.m. | 5 views

OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization...

10 CVSS | 7.4 AI score | 0.0472 EPSS
Exploits 0 | References 5
Veeam
added 2016/04/28 12:0 a.m. | 16 views

The tasks array included at least one null element

Challenge Management Pack fails to display a segment of the environmental topology or a portion of performance information. The vmspi.log default location: C:\Program Files\Veeam\Veeam Virtualization Extensions for System Center\Collector\Log contains the following entries: + VP038 buildInventory...

6.9 AI score
Exploits 0 | Affected Software 1
Prion
added 2016/04/27 5:59 p.m. | 21 views

Code injection

The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a...

4.9 CVSS | 6.3 AI score | 0.00396 EPSS
Exploits 0 | References 12 | Affected Software 8
Amazon
added 2016/04/27 12:0 a.m. | 75 views

Critical: java-1.7.0-openjdk

Issue Overview: It was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions...

10 CVSS | 8.8 AI score | 0.92334 EPSS
Exploits 1
RedHat Linux
added 2016/04/21 2:58 p.m. | 5 views

OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization...

10 CVSS | 7.4 AI score | 0.0472 EPSS
Exploits 0 | References 5