907635 matches found
DSA-4387-2 openssh - security update
Bulletin has no description...
DLA-1694-1 qemu - security update
Bulletin has no description...
CVE-2018-19396
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class...
DLA-1577-1 xen - security update
Bulletin has no description...
DSA-4330-1 chromium-browser - security update
Bulletin has no description...
DLA-1562-1 poppler - security update
Bulletin has no description...
GHSA-4FQ3-MR56-CG6R Spring Data Commons remote code injection vulnerability
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...
DSA-4321-1 graphicsmagick - security update
Bulletin has no description...
DLA-1524-1 libxml2 - security update
Bulletin has no description...
DLA-1474-1 openssh - security update
Bulletin has no description...
DLA-1466-1 linux-4.9 - security update
Bulletin has no description...
DLA-1443-1 evolution-data-server - security update
Bulletin has no description...
CVE-2017-7468
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which...
CVE-2017-16006
Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of data: URIs in links and can therefore execute javascript...
DLA-1339-1 openjdk-7 - security update
Bulletin has no description...
DSA-4158-1 openssl1.0 - security update
Bulletin has no description...
DLA-1301-1 tomcat7 - security update
Bulletin has no description...
GHSA-X457-CW4H-HQ5F JSON gem has Improper Input Validation vulnerability
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
DSA-3981-1 linux - security update
Bulletin has no description...
CVE-2017-9805
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads...
DLA-1097-1 tcpdump - security update
Bulletin has no description...
DSA-3966-1 ruby2.3 - security update
Bulletin has no description...
DLA-1034-1 php5 - security update
Bulletin has no description...
DLA-1028-1 apache2 - security update
Bulletin has no description...
DLA-1007-1 icedove - security update
Bulletin has no description...
DLA-993-1 linux - security update
Bulletin has no description...
DLA-958-1 libonig - security update
Bulletin has no description...
DSA-3842-1 tomcat7 - security update
Bulletin has no description...
DLA-906-1 firefox-esr - security update
Bulletin has no description...
DSA-3832-1 icedove - security update
Bulletin has no description...
DLA-730-1 firefox-esr - security update
Bulletin has no description...
CVE-2016-6304
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions...
DLA-567-1 mysql-5.5 - security update
Bulletin has no description...
DLA-529-1 tomcat7 - security update
Bulletin has no description...
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
DLA-484-1 graphicsmagick - security update
Bulletin has no description...
CVE-2016-2105
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data...
DSA-3548-2 samba - regression update
Bulletin has no description...
DLA-435-1 tomcat6 - security update
Bulletin has no description...
DLA-432-1 postgresql-8.4 - security update
Bulletin has no description...
DSA-3480-1 eglibc - security update
Bulletin has no description...
DSA-3469-1 qemu - security update
Bulletin has no description...
DLA-358-1 openssl - security update
Bulletin has no description...
DLA-355-1 libxml2 - security update
Bulletin has no description...
DSA-3351-1 chromium-browser - security update
Bulletin has no description...
DLA-284-1 apache2 - security update
Bulletin has no description...
DLA-266-1 libxml2 - security update
Bulletin has no description...
DLA-263-1 ruby1.9.1 - security update
Bulletin has no description...
DLA-246-2 linux-2.6 - security update
Bulletin has no description...
DLA-189-1 libgd2 - security update
Bulletin has no description...