38355 matches found
Denial Of Service (DoS)
The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with...
Sandbox Protection Bypass
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...
Denial Of Service (DoS)
The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled simultaneous connections between the same hosts. A remote attacker could u...
Denial Of Service (DoS)
The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled simultaneous connections between the same hosts. A remote attacker could u...
NULL Pointer Dereference
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...
Denial Of Service (DoS)
php is vulnerable to denial of service DoS. The vulnerability exists in the donote function in readelf.c where a parsing a ELF file can cause DoS...
Arbitrary Code Execution
Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve...
Arbitrary Code Execution
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
Sensitive Information Disclosure
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload UFO feature was enabled. A remot...
Denial Of Service (DoS)
KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Multiple integer...
Arbitrary Code Execution
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length ihl of zero were processed in the skbflowdissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Use-After-Free
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Cross-Site Scripting (XSS)
Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. Refer to the Red Hat OpenShift Enterprise 1.1 Release Notes for information about the changes in this release. The Release Notes will be available shortly fr...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service. Multiple flaws were found in the way libxml2 parsed certain XPath XML Path Language expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run...
Privilege Escalation
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
Privilege Escalation
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
Memory Corruption
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Improper Access Control
Oracle Java SE is vulnerable to improper access control. Remote unauthenticated attackers could bypass Java sandbox restrictions via the vulnerable component RMI...
Cross-site Scripting (XSS)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Memory Corruption
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
Denial Of Service (DoS) Or Directory Traversal
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...
Denial Of Service (DoS) Or Remote Code Execution (RCE)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Remote Code Execution (RCE)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service. Local users are able to exploit a race condition in the ALSA subsystem to crash the application via malicious /dev/snd/seq ioctl calls. The crash is a result of a use-after-free UAF bug in sndseqioctlcreateport...
Remote Code Execution (RCE)
openslp is vulnerable to remote code execution RCE attacks. The vulnerability exists as OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability...
Denial Of Service (DoS)
kernel-rt is vulnerable to denial of service DoS attacks. The vulnerability exists as net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local users to cause a...
Denial Of Service (DoS)
qemu-kvm-rhev is vulnerable to denial of service DoS attacks. The vulnerability exists as QEMU aka Quick Emulator, when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service out-of-bounds read and QEMU process crash via vectors involving...
Remote Code Execution (RCE)
lucene-queryparser is vulnerable to remote code execution. This is possible through the use of an XML external entity expansion XXE attack and the Config API with add-listener command...
TCP Session Hijack
kernel-rt is vulnerable to TCP session hijack attacks. The vulnerability exists as net/ipv4/tcpinput.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack...
Denial Of Service (DoS)
qemu-kvm-rhev is vulnerable to denial of service DoS attacks. The vulnerability exists through buffer overflow in the vncrefreshserversurface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service heap memory corruption and process crash or...
Database Authorization Bypass
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
Information Disclosure Through Buffer Over-read
OpenSSL is vulnerable to information disclosure. OpenSSL does not correctly handle Heartbeat Extension packets, attackers can leverage this flaw to read sensitive information by triggering a buffer over-read. This is also known as Heartbleed...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service DoS attacks. The vulnerability exists as libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service CPU and memory consumption via an XML file containing an entity declaration with long replacement text and many references ...
XML Encryption Backwards Compatibility Attack
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...
Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow
OpenSSL is vulnerable to denial of service DoS attacks and possible other attacks. These attacks are possible because the asn1d2ireadbio function doesn't correctly interpret integer data which can be leveraged to do buffer overflow attacks or cause memory consumption...
Directory Traversal
catalina is vulnerable to directory traversal attacks. The vulnerability exists due to an improper path normalization on the URI, allowing directory traversal attacks...
Directory Traversal
tomcat-coyote is vulnerable to directory traversal attacks. The vulnerability exists as the JVM does not correctly decode UTF-8 encoded URLs, and when a context is configured with allowLinking="true", allowing directory traversal attacks...
Copy-Paste Vulnerability (CPV) Through Libxml2
nokogiri is vulnerable to denial of service DoS attacks. The library uses a vulnerable version of libxml2, causing it to be vulnerable to the following CVEs: 1. CVE-2016-9318: XML External Entity XXE through a crafted document. 2. CVE-2017-16932: Infinite Recursion during parsing. 3...
Man-in-the-Middle (MitM)
postgresql is vulnerable to man-in-the-middle. Hostname verification for non-default SSL factories are not performed if the hostname verifier is not provided to the driver. This allows an attacker to masquerade as a trusted server by providing a certificate signed by a trusted CA...
Denial Of Service (DoS)
libkrb5.so is vulnerable to denial of service DoS attacks. The vulnerability exists in the krb5gssprocesscontexttoken function of lib/gssapi/krb5/processcontexttoken.c where a terminated security-context handle could be used by authenticated users to cause a Denial of Service DoS attack...
Denial Of Service (DoS)
libxslt.so is vulnerable to denial of service attacks. The application does not properly handle i format token for xsl:number data, allowing a malicious user to pass a file to the application to cause a integer overflow that can crash the application or cause arbitrary code to be executed...
Denial Of Service (DoS)
.NET Core is vulnerable to denial of service DoS. This is due to the way the .NET applications process XML documents which could lead to a denial of service condition when a specially crafted request is submitted...
Insecure Defaults
Apache Tomcat is vulnerable to insecure defaults. The CORS filter provided by default is insecure as it enables supportsCredentials for all origins. This can allow a malicious user unauthorized access to sensitive resources...
Denial Of Service (DoS)
Guava is vulnerable to Denial Of Service DoS. The attacks are possible because AtomicDoubleArray and CompoundOrdering classes perform memory allocations without checking user provided data and its size...
Remote Code Execution (RCE)
drupal is vulnerable to remote code execution RCE attacks. The library does not properly sanitize URL endpoints where array objects can be supplied to request parameters, allowing a potential compromise of the PHP application, and even the underlying operating system OS. This vulnerability is...
Cross-site Scripting (XSS)
dijit is vulnerable to cross-site scripting XSS attacks. Attackers can execute arbitrary webscript through the onload attributes of SVG elements...
Denial Of Service (DoS)
Apache poi is vulnerable to denial of service DoS attacks. Attackers can cause infinite loops, when parsing WMF, EMF, MSG and macro files. They can also cause Out-of-Memory OOM exceptions to occur when parsing DOC, PPT and XLS files...