907639 matches found
DSA-4505-1 nginx - security update
Bulletin has no description...
DSA-4503-1 golang-1.11 - security update
Bulletin has no description...
DLA-1730-3 libssh2 - regression update
Bulletin has no description...
DLA-1858-1 squid3 - security update
Bulletin has no description...
CVE-2019-12815
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306...
DLA-1851-1 openjpeg2 - security update
Bulletin has no description...
DLA-1839-1 expat - security update
Bulletin has no description...
DSA-4472-1 expat - security update
Bulletin has no description...
DSA-4465-1 linux - security update
Bulletin has no description...
RUSTSEC-2019-0037 Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT
Affected versions of this crate were optimized out by compiler, which caused dereference of uninitialized file descriptor which caused segfault...
DLA-1810-1 tomcat7 - security update
Bulletin has no description...
DSA-4440-1 bind9 - security update
Bulletin has no description...
PYSEC-2019-226
Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local)...
DLA-1761-1 ghostscript - security update
Bulletin has no description...
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...
DSA-4405-1 openjpeg2 - security update
Bulletin has no description...
DLA-1701-1 openssl - security update
Bulletin has no description...
DLA-1697-1 bind9 - security update
Bulletin has no description...
CVE-2018-5818
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop...
GHSA-6QVP-R6R3-9P7H Nokogiri NULL Pointer Dereference
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...
GHSA-3X7H-5HFR-HVJM Moderate severity vulnerability that affects io.undertow:undertow-core
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS...
RUSTSEC-2018-0006 Uncontrolled recursion leads to abort in deserialization
Affected versions of this crate did not prevent deep recursion while deserializing data structures. This allows an attacker to make a YAML file with deeply nested structures that causes an abort while deserializing it. The flaw was corrected by checking the recursion depth. Note: clap 2.33 is not...
DSA-4287-1 firefox-esr - security update
Bulletin has no description...
DLA-1490-1 php5 - security update
Bulletin has no description...
DLA-1479-1 twitter-bootstrap3 - security update
Bulletin has no description...
DSA-4279-1 linux - security update
Bulletin has no description...
DSA-4185-1 openjdk-8 - security update
Bulletin has no description...
DSA-4135-1 samba - security update
Bulletin has no description...
CVE-2016-10712
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is...
DSA-4037-1 jackson-databind - security update
Bulletin has no description...
DLA-1070-1 qemu - security update
Bulletin has no description...
DSA-3944-1 mariadb-10.0 - security update
Bulletin has no description...
CVE-2016-4473
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833...
CVE-2017-5664
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the origin...
CVE-2017-9224
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an...
CVE-2016-6210
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provid...
DLA-797-1 mysql-5.5 - security update
Bulletin has no description...
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property...
DSA-3732-1 php5 - security update
Bulletin has no description...
DSA-3731-1 chromium-browser - security update
Bulletin has no description...
DLA-679-1 qemu-kvm - security update
Bulletin has no description...
DLA-604-1 ruby-actionpack-3.2 - security update
Bulletin has no description...
DLA-569-1 xmlrpc-epi - security update
Bulletin has no description...
DLA-527-1 nss - security update
Bulletin has no description...
CVE-2015-8874
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call...
CVE-2016-2106
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data...
DLA-455-1 asterisk - security update
Bulletin has no description...
DLA-272-1 python-django - security update
Bulletin has no description...
DSA-3284-1 qemu - security update
Bulletin has no description...
DLA-233-1 clamav - security update
Bulletin has no description...