908464 matches found
DSA-4231-1 libgcrypt20 - security update
Bulletin has no description...
DLA-1303-1 python-django - security update
Bulletin has no description...
CVE-2018-7584
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in copying a large string...
CVE-2018-2562
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Partition. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...
CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache...
UBUNTU-CVE-2017-14868
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...
DSA-4031-1 ruby2.3 - security update
Bulletin has no description...
CVE-2017-15906
The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...
GHSA-9H36-4JF2-HX53 extlib does not properly restrict casts of string values
The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML typ...
GHSA-GH2W-J7CX-2664 Active Record contains SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in...
GHSA-H835-75HW-PJ89 activesupport Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' quote...
GHSA-R5HC-9XX5-97RW i18n gem Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call...
GHSA-7CGP-C3G7-QVRW actionpack Improper Input Validation vulnerability
actionpack/lib/actionview/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service memory consumption by including these strings in heade...
DSA-3969-1 xen - security update
Bulletin has no description...
PYSEC-2017-41
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...
DSA-3918-1 icedove - security update
Bulletin has no description...
CVE-2016-10397
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parseurl...
DSA-3881-1 firefox-esr - security update
Bulletin has no description...
DSA-3872-1 nss - security update
Bulletin has no description...
CVE-2017-9225
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigencunicodegetcasefoldcodesbystr occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in...
CVE-2017-9049
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398...
UBUNTU-CVE-2017-8906
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax in MulticoreWare x265 through 2.4, as used by the x265encoderencode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in th...
RUSTSEC-2017-0005 Large cookie Max-Age values can cause a denial of service
Affected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server. This flaw w...
CVE-2017-3600
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client mysqldump. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...
CVE-2017-3238
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...
DSA-3773-1 openssl - security update
Bulletin has no description...
CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...
CVE-2016-9935
The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service out-of-bounds read and memory corruption or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...
DLA-764-1 qemu - security update
Bulletin has no description...
DLA-689-1 qemu-kvm - security update
Bulletin has no description...
CVE-2016-2182
The BNbn2dec function in crypto/bn/bnprint.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact via unknown vectors...
DLA-578-1 openssh - security update
Bulletin has no description...
DSA-3618-1 php5 - security update
Bulletin has no description...
DLA-545-1 icu - security update
Bulletin has no description...
DSA-3548-3 samba - regression update
Bulletin has no description...
DSA-3544-1 python-django - security update
Bulletin has no description...
DSA-3505-1 wireshark - security update
Bulletin has no description...
DLA-387-1 openssh - security update
Bulletin has no description...
DSA-3437-1 gnutls26 - security update
Bulletin has no description...
DLA-360-1 linux-2.6 - security update
Bulletin has no description...
DLA-242-1 imagemagick - security update
Bulletin has no description...
DLA-157-1 openjdk-6 - security update
Bulletin has no description...
DSA-3169-1 eglibc - security update
Bulletin has no description...
DLA-131-1 file - security update
Bulletin has no description...
DLA-118-1 linux-2.6 - security update
Bulletin has no description...
DSA-2995-1 lzo2 - security update
Bulletin has no description...
DSA-2931-1 openssl - security update
Bulletin has no description...
DSA-2668-1 linux-2.6 - several
Bulletin has no description...
DSA-2637-1 apache2 - several
Bulletin has no description...
DSA-2552-1 tiff - several
Bulletin has no description...