907959 matches found
CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client spice-gtk and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messag...
ASB-A-150156492
In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation...
GHSA-XXGP-PCFC-3VGC Privilege Escalation in Hibernate Validator
In Hibernate Validator 5.2.x before 5.2.5.Final, 5.3.x before 5.3.6.Final, and 5.4.x before 5.4.2.Final, it was found that when the security manager's reflective permissions, which allow it to access the private members of the class, are granted to Hibernate Validator, a potential privilege...
GHSA-VMQM-G3VH-847M Denial of service in Apache Xerces2
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions...
GHSA-GW55-JM4H-X339 Improper Validation of Certificate with Host Mismatch in Java-WebSocket
The Java-WebSocket Client does not perform hostname verification. This means that SSL certificates of other hosts are accepted as long as they are trusted. To exploit this vulnerability an attacker has to perform a man-in-the-middle (MITM) attack between a Java application using the Java-WebSocke...
DLA-2160-1 php5 - security update
Bulletin has no description...
GHSA-58MJ-PW57-4VM2 Cross-site scripting in PHPMailer
PHPMailer versions prior to 5.2.24 (released July 26th 2017) have an XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it is not normally executable unless it i...
DSA-4579-1 nss - security update
Bulletin has no description...
CVE-2019-18934
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with --enable-ipsecmod support, and ipsecmod is enabled and used in the configuration...
DSA-4542-1 jackson-databind - security update
Bulletin has no description...
DSA-4531-1 linux - security update
Bulletin has no description...
DSA-4520-1 trafficserver - security update
Bulletin has no description...
ALSA-2019:2511 Important: mysql:8.0 security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: mysql 8.0.17. Security Fixes: mysql: Server: Replication multiple unspecified vulnerabilities...
DLA-1782-1 openjdk-7 - security update
Bulletin has no description...
CVE-2019-0232
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by...
DSA-4420-1 thunderbird - security update
Bulletin has no description...
GHSA-PH58-4VRJ-W6HR bootstrap Cross-site Scripting vulnerability
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property...
CVE-2018-20677
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property...
PYSEC-2018-32
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext...
DLA-1570-1 mariadb-10.0 - security update
Bulletin has no description...
DLA-1497-1 qemu - security update
Bulletin has no description...
DLA-1491-1 tomcat8 - security update
Bulletin has no description...
DSA-4259-1 ruby2.3 - security update
Bulletin has no description...
CVE-2017-7375
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not...
CVE-2017-15365
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statemen...
DSA-4017-1 openssl1.0 - security update
Bulletin has no description...
DSA-4005-1 openjfx - security update
Bulletin has no description...
DLA-1102-1 apache2 - security update
Bulletin has no description...
DLA-999-1 openvpn - security update
Bulletin has no description...
CVE-2017-7494
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it...
CVE-2016-1551
ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip...
DSA-3616-1 linux - security update
Bulletin has no description...
DSA-3433-1 samba - security update
Bulletin has no description...
DSA-3287-1 openssl - security update
Bulletin has no description...
DSA-3245-1 ruby1.8 - security update
Bulletin has no description...
DLA-103-1 linux-2.6 - security update
Bulletin has no description...
DLA-96-1 openjdk-6 - security update
Bulletin has no description...
DLA-94-1 php5 - security update
Bulletin has no description...
DLA-27-1 file - security update
Bulletin has no description...
DSA-2774-1 gnupg2 - several
Bulletin has no description...
DSA-2465-1 php5 - several
Bulletin has no description...
DSA-2342-1 iceape - several
Bulletin has no description...
DSA-2336-1 ffmpeg - several
Bulletin has no description...
DSA-2298-1 apache2 - denial of service
Bulletin has no description...
DSA-1666-1 libxml2 - several vulnerabilities
Bulletin has no description...
DSA-1638-1 openssh - denial of service
Bulletin has no description...
DSA-1286-1 linux-2.6
Bulletin has no description...
DSA-797-1 zsync - buffer overflow
Bulletin has no description...
DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
Bulletin has no description...
DSA-143 krb5 - integer overflow
Bulletin has no description...