4521 matches found

CVE
added 2015/06/07 11:0 p.m. | 245 views

CVE-2014-0230

CVE-2014-0230 affects Apache Tomcat: 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9. The issue occurs when an HTTP response is sent before the server finishes reading the entire request body, enabling remote attackers to trigger a denial-of-service via a series of aborted upload attem...

7.8 CVSS | 5.5 AI score | 0.20318 EPSS
Exploits 0 | References 39 | Affected Software 1
0day.today
added 2015/06/04 12:0 a.m. | 28 views

Jildi FTP Client 1.5.2 Build 1138 Buffer Overflow Exploit

Jildi FTP Client version 1.5.2 build 1138 suffers from a buffer overflow vulnerability. !/usr/bin/python Exploit Title: Jildi FTP Client Buffer Overflow Poc Version: 1.5.2 Build 1138 Homepage: http://de.download.cnet.com/Jildi-FTP-Client/3000-21604-10562942.html Software...

7.5 AI score
Exploits 0
OSV
added 2015/05/27 10:59 a.m. | 2 views

DEBIAN-CVE-2015-2830

arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated b...

1.9 CVSS | 5 AI score | 0.00414 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2015/05/20 12:0 a.m. | 55 views

SUSE SLED10 / SLES10 Security Update : kernel (SUSE-SU-2012:1391-1)

This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed : CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to...

7.8 CVSS | 7.5 AI score | 0.08809 EPSS
Exploits 11 | References 47
Prion
added 2015/05/14 10:59 a.m. | 10 views

Race condition

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a...

6.8 CVSS | 8.2 AI score | 0.02196 EPSS
Exploits 0 | References 7 | Affected Software 2
CVE
added 2015/05/14 10:0 a.m. | 124 views

CVE-2015-2715

CVE-2015-2715 describes a race condition in Mozilla Firefox prior to 38.0 related to nsThreadManager::RegisterCurrentThread during shutdown when Media Decoder threads are created. This leads to use-after-free and heap memory corruption, enabling remote attackers to potentially execute arbitrary c...

6.8 CVSS | 9.4 AI score | 0.02196 EPSS
Exploits 0 | References 7 | Affected Software 1
CNVD
added 2015/05/14 12:0 a.m. | 2 views

Mozilla Firefox Conditional Contested Memory Misreference Vulnerability

Mozilla Firefox is a popular open source web browser. Mozilla Firefox's creation of a media decoding thread during the shutdown process can lead to a race condition vulnerability that results in memory misreferences, which allows remote attackers to exploit the vulnerability to build malicious web...

6.8 CVSS | 7.2 AI score | 0.02196 EPSS
Exploits 0 | References 1
ArchLinux
added 2015/05/13 12:0 a.m. | 37 views

tomcat6: denial of service

When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be processed. There was no limit to the size of request body that Tomcat woul...

7.8 CVSS | 3 AI score | 0.20318 EPSS
Exploits 0 | References 2
ArchLinux
added 2015/05/13 12:0 a.m. | 54 views

firefox: multiple issues

CVE-2015-2708 Memory safety bugs fixed in Firefox ESR 31.7 and Firefox 38: Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink reported memory safety problems and crashes that affect Firefox ESR 31.6 and Firefox 37. - CVE-2015-2709 Memory safety bugs fixed in Firefox 38: Gary Kwong,...

7.5 CVSS | 9.4 AI score | 0.07417 EPSS
Exploits 0 | References 11
OSV
added 2015/05/13 12:0 a.m. | 0 views

UBUNTU-CVE-2015-2715

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a...

6.8 CVSS | 7.7 AI score | 0.02196 EPSS
Exploits 0 | References 4
Apache Tomcat
added 2015/05/12 12:0 a.m. | 78 views

Fixed in Apache Tomcat 6.0.44

Low: Denial of Service CVE-2014-0230 When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be processed. There was no limit to the...

7.8 CVSS | 6.5 AI score | 0.20318 EPSS
Exploits 0 | Affected Software 1
FreeBSD
added 2015/05/12 12:0 a.m. | 48 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA-2015-46 Miscellaneous memory safety hazards rv:38.0 / rv:31.7 MFSA-2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer MFSA-2015-48 Buffer overflow with SVG content and CSS MFSA-2015-49 Referrer policy ignored when links opened by middle-click and...

10 CVSS | 9.6 AI score | 0.07417 EPSS
Exploits 0 | References 14
RedHat Linux
added 2015/04/30 4:9 p.m. | 4 views

Weld: Limited information disclosure via stale thread state

It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...

4.3 CVSS | 5.8 AI score | 0.02051 EPSS
Exploits 0 | References 4
Prion
added 2015/04/27 12:59 p.m. | 22 views

Race condition

Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user...

8.5 CVSS | 7.5 AI score | 0.03042 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2015/04/26 10:0 a.m. | 25 views

CVE-2015-1882

Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user...

4.2 AI score | 0.03042 EPSS
Exploits 0 | References 4
Oracle linux
added 2015/04/22 12:0 a.m. | 41 views

kvm security update

kvm-83-270.0.1.el511 - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch kvm-83-270.el5 - KVM: x86: Check non canonical addresses upon WRMSR - Resolves: bz1152982 CVE-2014-3610 kernel: kvm: noncanonical MSR writes rhel-5.11.z kvm-83-269.el5 - KVM:...

4.9 CVSS | 1.6 AI score | 0.00595 EPSS
Exploits 1
RedHat Linux
added 2015/04/16 4:2 p.m. | 5 views

Weld: Limited information disclosure via stale thread state

It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...

4.3 CVSS | 5.8 AI score | 0.02051 EPSS
Exploits 0 | References 4
RedHat Linux
added 2015/04/16 4:2 p.m. | 42 views

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.1.0 update

Red Hat JBoss BRMS 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...

7.5 CVSS | 6.6 AI score | 0.09254 EPSS
Exploits 1 | References 19
RedHat Linux
added 2015/04/16 4:2 p.m. | 4 views

Weld: Limited information disclosure via stale thread state

It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...

4.3 CVSS | 5.8 AI score | 0.02051 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2015/04/09 12:0 a.m. | 46 views

openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nspr (openSUSE-2015-290)

Mozilla Firefox and Thunderbird were updated to fix several important vulnerabilities. Mozilla Firefox was updated to 37.0.1. Mozilla Thunderbird was updated to 31.6.0. mozilla-nspr was updated to 4.10.8 as a dependency. The following vulnerabilities were fixed in Mozilla Firefox : - Miscellaneou...

7.5 CVSS | 8.2 AI score | 0.67465 EPSS
Exploits 4 | References 28