38355 matches found
Cross-site Scripting (XSS)
wordpress is vulnerable to cross-site scripting XSS. The vulnerability exists as wpksesbadprotocol fails to validate that uri attributes do not contain invalid/or unauthorized protocols...
Arbitrary Code Execution
mozilla firefox is vulnerable to arbitrary code execution. Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion...
Denial Of Service (DoS)
Mozilla firefox is vulnerable to denial of service DoS. The vulnerability exists through a use-after-free when retrieving a document in antitracking...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. Due to the way found in which Intel CPUs handle inconsistency between virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries, a privileged guest user may use this flaw to induce a hardware...
HTTP Request Smuggling
Netty is vulnerable to HTTP request smuggling. The attack is possible because it fails to correctly handle white spaces in HTTP header names...
Denial Of Service (Dos)
libexpat.so is vulnerable to denial of service. A heap-based buffer overflow occurs when an attacker sends a malicious XML which switches the DTD parsing to document parsing immaturely, leading to repeated calls of XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber function that results in an...
Buffer Over-Read
The elfutils package is vulnerable to heap-based buffer over-read in libdw/dwarfgetaranges.c:dwarfgetaranges through a malicious file...
Privilege Escalation
kernel is vulnerable to privilege escalation. A use-after-free in the svcprocesscommon function allows an attacker to cause a host kernel memory corruption and a system panic, potentially resulting in a successful privilege escalation...
Cross-Site Scripting (XSS)
apache tomcat is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the time parameter in sp/cal/cal2.jsp in the calendar application in the examples application...
Cross-site Scripting (XSS)
picketlink is vulnerable to cross-site scripting. A URL injection vulnerability via the xinclude parameter allows an attacker to inject arbitrary Javascript into a victim's browser...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of service attacks. Remote authenticated attacker could exploit the vulnerable Privileges component to cause a hang or frequently repeatable crash...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of service attacks. A remote authenticated attacker could exploit a flaw in the Storage Engines component to cause denial of service conditions...
Code Injection
pdfjs-dist is vulnerable to code injection vulnerability. This is because it does not sufficiently sanitize PostScript calculator functions which allows an attacker to inject malicious JavaScript through a crafted PDF file...
NULL Pointer Dereference
Linux kernel is vulnerable to NULL pointer dereference attacks. This is due to mishandling of node-splitting in assocarray implementation in assocarrayinsertintoterminalnode function in lib/assocarray.c. A local users could cause a denial of service via a crafted application, as demonstrated by t...
Man-in-the-Middle (MitM)
IBM Java SE is vulnerable to man-in-the-middle attacks. The vulnerability exists in Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A remote attacker could use this flaw to...
Information Disclosure
Linux kernel is vulnerable to information disclosure. This occurs in arch/x86/kvm/emulate.c in the Linux kernel. Local users could obtain sensitive information from kernel memory or cause a denial of service use-after-free via a crafted application that leverages instruction emulation for fxrstor...
Man-in-the-Middle (MitM)
PostgreSQL is vulnerable to man-in-the-middle attacks. This is because PostgreSQL client library libpq does not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An attacker could use this flaw to strip the SSL/TLS protection fr...
Privilege Escalation
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Improper Signature Validation
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security TLS. It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as...
Sandbox Restrictions Bypass
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...
Denial Of Service (DoS)
file is vulnerable to denial of service. Multiple flaws were found in the way file parsed Executable and Linkable Format ELF files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources...
Denial Of Service (DoS)
MySQL Server is vulnerable to denial of service DoS. The vulnerability exists as an unspecified vulnerability in Oracle MySQL . An authenticated user is able to manipulate with an unknown input which related to 'Parser'...
Arbitrary Code Execution
Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify function o...
Denial Of Service (DoS)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Buffer Over-Read
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Denial Of Service (DoS)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute...
Improper Access Control
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...
Sensitive Information Disclosure
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...
Denial Of Service (DoS)
The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the joinsessionkeyring function. A local, unprivileged us...
Sandbox Restrictions Bypass
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Use-After-Free
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Denial Of Service (DoS)
QEMU is vulnerable to denial of service DoS. The vulnerability exists through the parsing of a small bytesperpixel value...
Weak Authentication
The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's cryptorecv, ctlputdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request...
Arbitrary Code Execution
LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash o...
Cross-Site Scripting (XSS)
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller MVC framework for web application development. Action Pack implemen...
Information Disclosure
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when...
Information Disclosure
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Information Disclosure
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
Denial Of Service (DoS)
KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Multiple integer...
Denial Of Service (DoS)
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length ihl of zero were processed in the skbflowdissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...
Sandbox Restrictions Bypass
openjdk is vulnerable to sandbox restrictions bypass. An unspecified vulnerability allows remote attackers to affect integrity via unknown vectors...
Information Disclosure
Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. Refer to the Red Hat OpenShift Enterprise 1.1 Release Notes for information about the changes in this release. The Release Notes will be available shortly fr...
Denial Of Service (DoS)
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A heap-based buffer overflow flaw was found in the Linux kernel's iSCSI target subsystem. A remote attacker could use a specially-crafted iSCSI request to caus...