8694 matches found
Medium: php
Issue Overview: A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. acinclude.m4, as used in the...
Important: 389-ds-base
Issue Overview: It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose...
Medium: kernel
Issue Overview: The mediadeviceenumentities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a...
Medium: openssl
Issue Overview: A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. Multiple buffer overflows in crypto/srp/srplib.c in the SRP implementation in OpenSSL...
Important: httpd24
Issue Overview: A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cau...
Medium: transmission
Issue Overview: Integer overflow in the trbitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write. Affected Packages:...
Important: java-1.6.0-openjdk
Issue Overview: It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. CVE-2014-4216, CVE-2014-4219 A format string flaw was discover...
Important: httpd
Issue Overview: A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cau...
Medium: gnupg
Issue Overview: The douncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service infinite loop via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. Affected Packages: gnupg...
Medium: dovecot
Issue Overview: Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service resource consumption via an incomplete SSL/TLS handshake for an IMAP/POP3 connection. Affected...
Medium: cacti
Issue Overview: Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the 1 drpaction parameter to cdef.php, 2 datainput.php, 3 dataqueries.php, 4 datasources.php, 5 datatemplates.php, 6 graphtemplates.php, 7 graphs.php...
Medium: gnupg2
Issue Overview: The douncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service infinite loop via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. Affected Packages: gnupg2...
Critical: nss
Issue Overview: Use-after-free vulnerability in the CERTDestroyCertificate function in libnss3.so in Mozilla Network Security Services NSS 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors...
Medium: python27
Issue Overview: It was reported http://bugs.python.org/issue21529 that Python built-in json module have a flaw insufficient bounds checking, which allows a local user to read current process' arbitrary memory. Quoting the upstream bug report: The sole prerequisites of this attack are that the...
Important: php-ZendFramework
Issue Overview: The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the ZendOpenIdConsumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass...
Critical: java-1.7.0-openjdk
Issue Overview: It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. CVE-2014-4216, CVE-2014-4219 A format string flaw was discover...
Critical: nspr
Issue Overview: Mozilla Netscape Portable Runtime NSPR before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds write via vectors involving the sprintf and console functions. Affected Packages: nspr Issue Correction: Run yum update nspr or yum...
Medium: file
Issue Overview: A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. Buffer overflow in the mconve...
Important: mod24_wsgi
Issue Overview: It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system...
Low: chrony
Issue Overview: It was reported that the cmdmon protocol implemented in chrony was found to be vulnerable to DDoS attacks using traffic amplification. By default, commands are allowed only from localhost, but it's possible to configure chronyd to allow commands from any address. This could allow ...
Medium: php54
Issue Overview: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information fileinfo extension parsed certain...
Important: chkrootkit
Issue Overview: A quoting issue was found in chkrootkit which would lead to a file in /tmp/ being executed, if /tmp/ was mounted without the noexec option. chkrootkit is typically run as the root user. A local attacker could use this flaw to escalate their privileges. Affected Packages: chkrootki...
Medium: openssh
Issue Overview: sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. The verifyhostkey function in sshconnect.c in the...
Medium: python-jinja2
Issue Overview: The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp. Affected Packages: python-jinja2 Issue...
Medium: lzo
Issue Overview: An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that...
Important: mod_wsgi
Issue Overview: It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system...
Medium: php55
Issue Overview: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information fileinfo extension parsed certain...
Low: python-simplejson
Issue Overview: It was reported http://bugs.python.org/issue21529 that Python built-in json module have a flaw insufficient bounds checking, which allows a local user to read current process' arbitrary memory. Quoting the upstream bug report: The sole prerequisites of this attack are that the...
Medium: kernel
Issue Overview: arch/x86/kernel/entry32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service OOPS and system crash via an invalid syscall number, as demonstrated by numbe...
Important: nrpe
Issue Overview: DISPUTED Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor NRPE 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/checknrpe. NOTE: this issue is disputed by multiple parties. It ha...
Medium: libtiff
Issue Overview: Use-after-free vulnerability in the t2preadwritepdfimage function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service crash or possible execute arbitrary code via a crafted TIFF image. The LZW decompressor in the gif2tiff tool in libtiff 4.0.3...
Medium: squid
Issue Overview: A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that could cause Squid to crash. CVE-2014-0128 Affected Packages: squid Issue Correction: Run yum...
Low: perltidy
Issue Overview: It was discovered that perltidy's maketemporaryfilename function insecurely created temporary files via the use of the tmpnam function. A local attacker could use this flaw to perform a symbolic link attack. Affected Packages: perltidy Issue Correction: Run yum update perltidy or...
Low: readline
Issue Overview: The rltropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.PID file. Affected Packages: readline Issue Correction: Run yum update readline or yum update --advisory...
Low: perl-Capture-Tiny
Issue Overview: It was found 1 that the Capture::Tiny module, provided by the perl-Capture-Tiny package, used the File::temp::tmpnam module to generate temporary files: ./lib/Capture/Tiny.pm: $stash-flagfiles$which = scalar tmpnam; This module makes use of the mktemp function when called in the...
Medium: pam
Issue Overview: Multiple directory traversal vulnerabilities in pamtimestamp.c in the pamtimestamp module for Linux-PAM aka pam 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. dot dot in the 1 PAMRUSER value to the getruser function or 2 PAMTTY value ...
Medium: libtasn1
Issue Overview: It was discovered that the asn1getbitder function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash o...
Important: libmicrohttpd
Issue Overview: Stack-based buffer overflow in the MHDdigestauthcheck function in libmicrohttpd before 0.9.32, when MHDOPTIONCONNECTIONMEMORYLIMIT is set to a large value, allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a long URI in an...
Medium: kernel
Issue Overview: The futexrequeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEXREQUEUE command that facilitates unsafe waiter modification. Affected...
Medium: php54
Issue Overview: The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls. The cdfreadpropertyinfo function in cdf.c in the...
Medium: php55
Issue Overview: The cdfunpacksummaryinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service performance degradation by triggering many fileprintf calls. The cdfreadpropertyinfo function in cdf.c in the...
Low: glibc
Issue Overview: Multiple stack-based buffer overflows in net/netfilter/ipvs/ipvsctl.c in the Linux kernel before 2.6.33, when CONFIGIPVS is used, allow local users to gain privileges by leveraging the CAPNETADMIN capability for 1 a getsockopt system call, related to the doipvsgetctl function, or ...
Important: openssl098e
Issue Overview: It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. CVE-2014-0224...
Important: gnutls
Issue Overview: A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using...
Important: openssl097a
Issue Overview: It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. CVE-2014-0224...
Important: openssl
Issue Overview: It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. CVE-2014-0224 Note:...
Low: munin
Issue Overview: The getgrouptree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service infinite loop and memory consumption in the munin-html process via crafted multigraph data. Munin::Master::Node in Munin before 2.0.18 allows remote...
Medium: cacti
Issue Overview: Cross-site request forgery CSRF vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that 1 modify binary files, 2 modify configurations, or 3 add arbitrary users...
Medium: lighttpd
Issue Overview: Multiple directory traversal vulnerabilities in 1 modevhost and 2 modsimplevhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. dot dot in the host name, related to requestcheckhostname. SQL injection vulnerability in modmysqlvhost.c in lighttpd...
Low: libxml2
Issue Overview: parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service out-of-bounds read via a document that ends abruptly, related to the lack of certain checks for the XMLPARSEREOF state. Affected...