128 matches found
CVE-2018-1000076
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in...
CVE-2018-1000074
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code...
CVE-2018-1000075
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can...
CVE-2018-1000077
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can...
CVE-2018-1000073
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...
CVE-2018-1000079
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to...
CVE-2018-1000077
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can...
CVE-2018-1000073
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...
CVE-2018-1000079
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to...
CVE-2018-1000078
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting XSS vulnerability in gem server display of homepage attribute that can...
Tor: Use of uninitialized value in networkstatus_parse_vote_from_string (src/or/routerparse.c:3533)
Triggered in 22139c0, compiled with -fsanitize=memory and clang 6.0.0-trunk. ./fuzz-consense test000bbb ==9293==WARNING: MemorySanitizer: use-of-uninitialized-value 0 0x5611f7f7e4de in networkstatusparsevotefromstring /root/tor/src/or/routerparse.c:3533:23 1 0x5611f75bbbd1 in fuzzmain...
Tor: Use of unitialized value in crypto_pk_num_bits (src/common/crypto.c:971)
Vulnerability description not provided...
Tor: Use of uninitialized value in memarea_strdup (src/common/memarea.c:369)
Triggered in 51e4748 , compiled with clang 6.0.0-trunk and -fsanitize=memory. ./fuzz-hsdescv2 test001 Uninitialized bytes in interceptorstrlen at offset 0 inside 0x7fff5525ff80, 51 ==19693==WARNING: MemorySanitizer: use-of-uninitialized-value 0 0x5570edfe5fbd in memareastrdup...
UBUNTU-CVE-2015-0853
svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$xeyes...
Apple Safari - Out-of-Bounds Read when Calling Bound Function
Apple Safari - Out-of-Bounds Read when Calling Bound Function var ba; function s alert"in s"; ba = this; function g alert"in g"; return...
pcre2: Heap-buffer-overflow in _pcre2_auto_possessify_8
Project: svn://vcs.exim.org/pcre2/code/trunk Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=4892227272704000 Target: pcre2 Fuzzer: libFuzzerpcre2fuzzer Fuzzer binary: pcre2fuzzer Job Type: libfuzzerasanpcre2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash...
pcre2: Heap-buffer-overflow in parsed_skip
Project: svn://vcs.exim.org/pcre2/code/trunk Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6151126613229568 Target: pcre2 Fuzzer: libFuzzerpcre2fuzzer Fuzzer binary: pcre2fuzzer Job Type: libfuzzerasanpcre2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash...
CVE-2015-0616
The Connection Conversation Manager aka CuCsMgr process in Cisco Unity Connection 8.5 before 8.51SU7, 8.6 before 8.62aSU4, and 9.x before 9.12SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service core dump and restart by improperly terminating SIP TCP...
CVE-2015-0615
The call-handling implementation in Cisco Unity Connection 8.5 before 8.51SU7, 8.6 before 8.62aSU4, 9.x before 9.12SU2, and 10.0 before 10.01SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service port consumption by improperly terminating SIP sessions, ak...
CVE-2015-0614
The Connection Conversation Manager aka CuCsMgr process in Cisco Unity Connection 8.5 before 8.51SU7, 8.6 before 8.62aSU4, 9.x before 9.12SU2, and 10.0 before 10.01SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service core dump and restart via crafted SI...