212 matches found
libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash)...
Directory traversal
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal...
CVE-2017-2627
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal...
Legal Robot: Validation bypass on user profile
A security researcher discovered that form validations for fields like first name, last name, and job title could be bypassed while editing a user profile...
[SECURITY] Fedora 23 Update: rubygem-activemodel-4.2.3-2.fc23
Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...
[SECURITY] Fedora 22 Update: rubygem-activemodel-4.2.0-2.fc22
Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...
Possible Input Validation Circumvention
Code that uses Active Model based models including Active Record models and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacte...
WordPress WP Accurate Form Data 1.2 XSS / CSRF
Title: WordPress 'WP Accurate Form Data' Plugin; Version: 1.2; Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej; Date: 2015-06-21; Download: https://wordpress.org/plugins/accurate-form-data-real-time-form-validation/, https://plugins.svn.wordpress.org/accurate-form-data-real-time-form-validatio...
SuSE 11.3 Security Update : kvm and libvirt (SAT Patch Number 10222)
This collective update for KVM and libvirt provides fixes for security and non-security issues. kvm: - Fix NULL pointer dereference because of uninitialized UDP socket (bsc#897654, CVE-2014-3640). - Fix performance degradation after migration (bsc#878350). - Fix potential image corruption due to missi...
Debian: Security Advisory (DSA-2462-1)
The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)
Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service. OpenVAS Vulnerability Test $Id: deb24622.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory D...
Cisco IOS XR RIP Version 2 Crafted Packet Processing Denial of Service Vulnerability
A vulnerability in the Routing Information Protocol (RIP) process of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the RIP process to crash. The vulnerability is due to insufficient input validations of the packet. An attacker could exploit this vulnerability by...
Fedora Update for rubygem-activemodel FEDORA-2013-2391
Check for the Version of rubygem-activemodel. OpenVAS Vulnerability Test: Fedora Update for rubygem-activemodel FEDORA-2013-2391. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...
[SECURITY] Fedora 17 Update: rubygem-activemodel-3.0.11-3.fc17
Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...
[SECURITY] Fedora 18 Update: rubygem-activemodel-3.2.8-2.fc18
Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...
Fedora Update for rubygem-activemodel FEDORA-2013-0635
Check for the Version of rubygem-activemodel. OpenVAS Vulnerability Test: Fedora Update for rubygem-activemodel FEDORA-2013-0635. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...
Fedora Update for rubygem-activemodel FEDORA-2013-0686
Check for the Version of rubygem-activemodel. OpenVAS Vulnerability Test: Fedora Update for rubygem-activemodel FEDORA-2013-0686. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...
[SECURITY] Fedora 17 Update: rubygem-activemodel-3.0.11-2.fc17
Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...
[SECURITY] Fedora 16 Update: rubygem-activemodel-3.0.10-2.fc16
Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...
[SECURITY] [DSA-2471-1] ffmpeg security update
Debian Security Advisory DSA-2471-1, http://www.debian.org/security/, Moritz Muehlenhoff, May 13, 2012, http://www.debian.org/security/faq ...