8699 matches found
Important: vim
Issue Overview: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. CVE-2022-3520 Use After Free in GitHub repository vim/vim prior to 9.0.0789. CVE-2022-3591 A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qfupdatebuff...
Important: kernel
Issue Overview: In v4l2m2mquerybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...
Important: golang-googlecode-net
Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...
Medium: libtiff
Issue Overview: Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service out-of-bounds read via a crafted tif file. CVE-2016-9532 A flaw was found in libtiff. Due to a memory allocation failure in...
Medium: 389-ds-base
Issue Overview: A double free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. CVE-2021-4091 A vulnerability was found in the 389 Directory Server...
Medium: libgcrypt
Issue Overview: A side-channel attack flaw was found in the way libgcrypt implemented Elgamal encryption. This flaw allows an attacker to decrypt parts of ciphertext encrypted using Elgamal, for example, when using OpenPGP. The highest threat from this vulnerability is to confidentiality...
Medium: expat
Issue Overview: expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to...
Medium: tomcat8
Issue Overview: Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly...
Important: bind
Issue Overview: A buffer overflow flaw was found in the SPNEGO implementation used by BIND. This flaw allows a remote attacker to cause the named process to crash or possibly perform remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as...
Medium: dnsmasq
Issue Overview: A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query,...
Medium: bind
Issue Overview: A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability. CVE-2020-8622 Affected Packages: bind Issue Correction: Run yum update bind to update...
Important: librepo
Issue Overview: A flaw was found in librepo. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path...
Important: squid
Issue Overview: A flaw was found in squid. Due to incorrect data validation, a HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. CVE-2020-15810 A flaw was found ...
Important: bind
Issue Overview: An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIN...
Important: unbound
Issue Overview: infinite loop via malformed DNS answers received from upstream servers CVE-2020-12663 insufficient control of network message volume leads to DoS CVE-2020-12662 Affected Packages: unbound Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ secti...
Important: thunderbird
Issue Overview: When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR tag from the clipboard into...
Important: thunderbird
Issue Overview: Several memory safety bugs were discovered in Mozilla Firefox and Thunderbird. Memory corruption and arbitrary code execution are possible with these vulnerabilities. These bugs can be exploited over the network.CVE-2019-11764 A flaw was discovered in both Firefox and Thunderbird...
Medium: keepalived
Issue Overview: keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protectedsymlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data...
Medium: libssh2
Issue Overview: An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory. CVE-2019-3858 An out of bounds read fla...
Medium: java-1.7.0-openjdk
Issue Overview: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful...
Important: qemu-kvm
Issue Overview: An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator QEMU. It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulti...
Important: patch
Issue Overview: Malicious patch files cause ed to execute arbitrary commands GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a...
Important: kernel
Issue Overview: Race condition in the storeintwithrestart function in cpu/mcheck/mce.c: A race condition in the storeintwithrestart function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel allows local users to cause a denial of service panic by leveraging root access to write to the...
Medium: tomcat-native
Issue Overview: Mishandling of client certificates can allow for OCSP check bypass: When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing...
Medium: python27
Issue Overview: Integer overflow in PyStringDecodeEscape results in heap-base buffer overflow CPython aka Python is vulnerable to an integer overflow in the PyStringDecodeEscape function in stringobject.c, resulting in heap-based buffer overflow and possible arbitrary code execution...
Medium: openssh
Issue Overview: It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pamenv PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code ...
Medium: postgresql92, postgresql93, postgresql94
Issue Overview: A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute...
Medium: squid
Issue Overview: A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. CVE-2016-4051 Buffer overflow and input validation...
Medium: nginx
Issue Overview: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file. Affected Packages: nginx...
Important: postgresql8
Issue Overview: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. Affected...
Low: glibc
Issue Overview: It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. Affected Packages: glibc Issue Correction: Run yum update glibc or yum update --advisory...
Critical: glibc
Issue Overview: A stack-based buffer overflow flaw was found in the senddg and sendvc functions, used by getaddrinfo and other higher-level interfaces of glibc. A remote attacker able to cause an application to call either of these functions could use this flaw to execute arbitrary code with the...
Low: grep
Issue Overview: A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. Affected...
Medium: krb5
Issue Overview: A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requirespreauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line...
Important: openldap, compat-openldap
Issue Overview: A flaw was found in the way the OpenLDAP server daemon slapd parsed certain Basic Encoding Rules BER data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. CVE-2015-6908 Affected Packages: openldap, compat-openldap Issue Correction: Run yum upda...
Important: 389-ds-base
Issue Overview: A flaw was found in the authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server. Affected Packages: 389-ds-base Issue...
Medium: graphviz
Issue Overview: Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. Affected Packages: graphviz Issue Correction:...
Medium: ruby20
Issue Overview: The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack. Affected Packages: ruby20 Issue Correction:...
Medium: libXfont
Issue Overview: Multiple integer overflows in the 1 fsgetreply, 2 fsallocglyphs, and 3 fsreadextentinfo functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Multiple...
Important: php55
Issue Overview: A denial of service flaw was found in the way the File Information fileinfo extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. The gdImageCrop function in ext/gd/gd.c in...
Medium: mod24_nss
Issue Overview: A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss failed to enforce this requirement and allowed ...
Medium: mod_nss
Issue Overview: A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss failed to enforce this requirement and allowed ...
Medium: cacti
Issue Overview: 1 snmp.php and 2 rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. Multiple SQL injection vulnerabilities in 1 apipoller.php and 2 utility.php in Cacti before 0.8.8b allow remote attackers to execu...
Medium: curl
Issue Overview: The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. Affected Packages: curl Issue Correction: Run yum update...
Medium: socat
Issue Overview: socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service file descriptor consumption via multiple request that are refused based on the 1 sourceport, 2 lowpor...
Medium: mesa
Issue Overview: An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs Mozilla Firefox does this, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the...
Medium: gdb
Issue Overview: GDB tried to auto-load certain files such as GDB scripts, Python scripts, and a thread debugging library from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that...
Medium: mysql51
Issue Overview: This update fixes several vulnerabilities in the MySQL database server. Affected Packages: mysql51 Issue Correction: Run yum update mysql51 or yum update --advisory ALAS-2013-152 to update your system. New Packages: i686: mysql51-5.1.67-1.60.amzn1.i686 ...
Medium: libtiff
Issue Overview: A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute...
Important: libxml2
Issue Overview: A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrar...