879 matches found
BSA-2018-700
Security Advisory ID : BSA-2018-700 Component : Apache Struts 2 Revision : 1.0: Final Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper actions have no or wildcard namespace. Same...
BSA-2018-696
Security Advisory ID : BSA-2018-696 Component : Kernel Revision : 1.0: Final A TCP data structure in supported versions of FreeBSD 11, 11.1, 11.2, 10, and 10.4 use an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the numbe...
BSA-2018-698
Security Advisory ID : BSA-2018-698 Component : OpenSSH Revision : 2.0: Final OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c...
BSA-2018-690
Security Advisory ID : BSA-2018-690 Component : Kernel Revision : 1.0: Final The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending...
BSA-2018-687
Security Advisory ID : BSA-2018-687 Component : Kernel Revision : 1.0: Final Security researchers have identified a speculative execution side-channel method called L1 Terminal Fault L1TF also known as Foreshadow. This method impacts select microprocessor products supporting Intel® Software Guard...
BSA-2018-686
Security Advisory ID : BSA-2018-686 Component : Kernel Revision : 1.0: Final Linux kernel versions 4.9+ can be forced to make very expensive calls to tcpcollapseofoqueue and tcppruneofoqueue for every incoming packet which can lead to a denial of service. An attacker can induce a denial of servic...
BSA-2018-536
Security Advisory ID : BSA-2018-536 Component : OpenSSH Revision : 2.0: Final A memory exhaustion issue in OpenSSH that can be triggered before user authentication was found. An unauthenticated attacker could consume approx. 400 MB of memory per each connection. The attacker could set up multiple...
BSA-2018-636
Security Advisory ID : BSA-2018-636 Component : OpenSSL Revision : 2.0: Final The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process coul...
BSA-2018-620
Security Advisory ID : BSA-2018-620 Component : TLS Revision : 2.0 The TLS protocol 1.2 and earlier supports the rsafixeddh, dssfixeddh, rsafixedecdh, and ecdsafixedecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations...
BSA-2018-662
Security Advisory ID : BSA-2018-662 Component : Zip Slip Revision : 1.1: update Snyk Security team discloses a widespread arbitrary file overwrite critical vulnerability, which typically results in remote command execution. The flaw which has been named Zip Slip affects numerous archive-extractio...
BSA-2018-612
Security Advisory ID : BSA-2018-612 Component : HW:CPU Revision : 1.0: Final Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may return a speculative register value that is then used in subsequent speculative load instructions...
BSA-2018-611
Security Advisory ID : BSA-2018-611 Component : HW:CPU Revision : 1.0: Final Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may read an earlier value of the data. Subsequent speculati...
BSA-2018-602
Security Advisory ID : BSA-2018-602 Component : Win32k Revision : 1.0: Final An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel...
BSA-2018-601
Security Advisory ID : BSA-2018-601 Component : Kernel Revision : 1.0: Final In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. The error appears to be due to developer interpretation of existing...
BSA-2018-604
Security Advisory ID : BSA-2018-604 Component : System Revision : 1.0: Final Multiple GPON Home Routers could allow a remote attacker to execute arbitrary commands on the system, caused by the ping and trace route commands running at root level on the diagnostic page. An attacker could exploit th...
BSA-2018-603
Security Advisory ID : BSA-2018-603 Component : WebGUI Revision : 1.0: Final Multiple GPON Home Routers could allow a remote attacker to bypass security restrictions, caused by a flaw in the authentication mechanism. By appending "?images/" to the end of the web address on any of the router's...
BSA-2018-589
Security Advisory ID : BSA-2018-589 Component : Oracle WebLogic Revision : 1.0: Final Vulnerability in the Oracle WebLogicServer component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily...
BSA-2018-583
Security Advisory ID : BSA-2018-583 Component : Spring-framework Revision : 1.0: Final Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocketendpoints with a simple, in-memory STOMP broker...
BSA-2018-557
Security Advisory ID : BSA-2018-557 Component : Apache HTTPD Revision : 2.0: Final In Apache httpd, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not...
BSA-2018-559
Security Advisory ID : BSA-2018-559 Component : Apache HTTPD Revision : 2.0: Final Apache HTTP Server httpd modsession modulehas an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session"...
BSA-2018-553
Security Advisory ID : BSA-2018-553 Component : Apache HTTPD Revision : 2.0: Final When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the...
BSA-2018-552
Security Advisory ID : BSA-2018-552 Component : Apache HTTPD Revision : 2.0: Final A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial...
BSA-2018-556
Security Advisory ID : BSA-2018-556 Component : Apache HTTPD Revision : 2.0: Final The expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are...
BSA-2018-538
Security Advisory ID : BSA-2018-538 Component : OpenSSH Revision : 2.0: Final The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. Affected Products Security updates have be...
BSA-2018-564
Security Advisory ID : BSA-2018-564 Component : Oracle Java Revision : 1.1: update The January 2018 Critical Patch Update provides security updatesfor certain Oracle Java Platform software libraries. Java SE JDK and JRE versions through 6u171, 7u161, 8u152, and 9.0.1 are affected by vulnerabiliti...
CVE-2017-3737 - Read, write after SSL object in error state. (BSA-2018-527).
Security Advisory ID: BSA-2018-527 Component: OpenSSL Revision : 3.0: Final OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake, then OpenSSL would move into the error state and would immediately fail i...
BSA-2018-527
Summary OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for...
BSA-2018-526
Security Advisory ID : BSA-2018-526 Component : Fabric OS IPv6 stack Revision : 2.0: Final A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS FOS could allow an unauthenticated, adjacent attacker to cause a denial of service CPU consumption and devic...
BSA-2018-525
Security Advisory ID : BSA-2018-525 Component : Fabric OS Web GUI Revision : 1.0: Initial XSS vulnerabilities in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS FOS could allow remote unauthenticated attackers to execute arbitrary script code in...
BSA-2018-514
Security Advisory ID : BSA-2018-514 Component : TLS Implementations Revision : 1.1: Final TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. An attacker could...
BSA-2018-522
Security Advisory ID : BSA-2018-522 Component : HW: CPU Revision : 1.2: Interim In total, security researchers disclosed three variants of CPU Data cache timing abuse. The variants lead to vulnerabilities that take advantage of the implementation of speculative execution of instructions on many...
BSA-2017-497
Security Advisory ID : BSA-2017-497 Component : Apache HTTPD Revision : 1.0: Final The readrequestline function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer...
BSA-2018-588
Security Advisory ID : BSA-2018-588 Component : Apache Strusts2 Revision : 2.0: Final In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload...
BSA-2018-528
Security Advisory ID : BSA-2018-528 Component : OpenSSL Revision : 1.0: Final There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this...
BSA-2017-471
Security Advisory ID : BSA-2017-471 Component : Apache Santuario Revision : 2.0: Final Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service memory consumption via crafted Document Type Definitions DTDs, related to...
BSA-2017-473
Security Advisory ID : BSA-2017-473 Component : Kernel Revision : 2.0: Final On Linux running on PowerPC hardware Power8 or later a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception interrupt, and use the r1 value from the signal frame as the...
BSA-2017-458
Security Advisory ID : BSA-2017-458 Component : Libgcrypt Revision : 2.0: Final libgcrypt: use ciphertext blinding for Elgamal decryption new side-channel attack...
BSA-2017-457
Security Advisory ID : BSA-2017-457 Component : GnuPG & Libgcrypt Revision : 2.0: Final GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka...
BSA-2017-470
Security Advisory ID : BSA-2017-470 Component : Expand Entity References Revision : 1.0: Interim The 1 BasicParserPool, 2 StaticBasicParserPool, 3 XML Decrypter, and 4 SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote...
BSA-2017-472
Security Advisory ID : BSA-2017-472 Component : JBOSS WildFly Revision : 1.0: Interim Red Hat JBoss Enterprise Application Platform JBEAP 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container MSC service...
BSA-2017-469
Security Advisory ID : BSA-2017-469 Component : JBOSS Application Revision : 1.0: Interim Cross-site request forgery CSRF vulnerability in the Web Console web-console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly formerly JBoss Application Server before 2.0.0.CR9 allows remo...
BSA-2017-474
Security Advisory ID : BSA-2017-474 Component : Infineon RSA Library Revision : 2.0: Final The Infineon RSA library version 1.02.013 in Infineon Trusted Platform Module TPM firmware mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection...
BSA-2017-447
Security Advisory ID : BSA-2017-447 Component : Apache Revision : 2.0: Final When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to fals...
BSA-2017-453
Security Advisory ID : BSA-2017-453 Component : EDNS0 Revision : 2.0: Final A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and...
BSA-2017-455
Security Advisory ID : BSA-2017-455 Component : dnsmasq Revision : 2.0: Final An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the DNS code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash...
BSA-2017-450
Security Advisory ID : BSA-2017-450 Component : IPV6RA Revision : 2.0: Final A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement RA handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially...
BSA-2017-452
Security Advisory ID : BSA-2017-452 Component : dhcp6 Revision : 2.0: Final An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking...
BSA-2017-449
Security Advisory ID : BSA-2017-449 Component : dnsmasq Revision : 2.0: Final A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code...
BSA-2017-454
Security Advisory ID : BSA-2017-454 Component : dnsmasq Revision : 2.0: Final An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configuration...
BSA-2017-451
Security Advisory ID : BSA-2017-451 Component : dhcp6 Revision : 2.0: Final A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code...