38332 matches found
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of serviceDoS attacks. A remote user could exploit a flaw in the Client programs component which leads to unauthorized attacker to cause a hang or frequently repeatable crash complete DoS...
Information Disclosure
Linux kernel is vulnerable to information disclosure vulnerability. This is because the movepages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. A local attacker could learn the memory layout of a setuid executable allowing mitigation of ASL...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service attacks. A local, authenticated attacker could exploit the flawed Keyring Handler component and create keyrings for other users via keyctl commands...
Denial Of Service (DoS)
Apache httpd is vulnerable to denial of service attacks. The modauthdigest component does not properly initialize memory used to process 'Digest' type HTTP Authorization headers allowing a remote attacker to send a specially crafted request to view potentially sensitive information from the...
Denial Of Service (DoS)
QEMU is vulnerable to denial of service attacks. A remote attacker could cause memory exhaustion resulting in denial of service. The vulnerability exists in the file audio/audio.c of the component Audio Capture and exploitable via repeatedly starting and stopping audio capture...
Denial Of Service (DoS) Through Divide By Zero
QEMU is vulnerable to denial of serviceDoS through divide by zero attacks. The vulnerability occurs while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in an application...
Denial Of Service (DOS)
Linux kernel is vulnerable to the Linux kernel since 3.6-rc1 with 'net.ipv4.tcpfastopen' set to 1 can hit BUG statement in tcpcollapse function after making a number of certain syscalls. Local users could cause an application crash via a crafted application that makes sendto system calls, related...
Privilege Escalation
Java SE, Java SE Embedded and JRockit are vulnerable to privilege escalation attacks. A remote, unauthenticated attacker could submit malicious input leading to the exploitation of the flawed Security component to gain elevated privileges. Successful attacks could result in takeover of Java SE,...
Denial Of Service (DoS)
zlib is vulnerable to denial of service attacks. A remote user is able to cause an application crash resulting in denial of service conditions. The vulnerability affects the function inflateMark in the library zlib of the file inflate.c...
Denial Of Service (DoS)
php is vulnerable to denial of service. An attacker is able to crash the application via a long string to rawurlencode function...
Use-After-Free
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in keyrejectandlink an uninitialised variable would eventually lead to arbitrary free...
Privilege Escalation
Linux kernel is vulnerable to privilege escalation attacks. This allows local users to gain privileges by triggering access to a paging structure by a different CPU. which leads to perform unauthorized actions...
Denial Of Service (DoS)
Wireshark is vulnerable to denial of service DoS attacks. Not properly determining the defragmentation state in a case of an insufficient snapshot length in fragmentaddwork function allows remote attackers to crash the application through memory consumption via a crafted packet...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service attacks. An attacker can cause a crash by triggering the use of GRO path for large crafted packets which only contain VLAN headers...
Denial Of Service (DoS)
Red Hat JBoss Web Server is vulnerable to denial of service DoS attacks. It is possible to remotely Segfault Apache http server with a specially crafted string sent to the modcluster via service messages MCMP which results in a server crash DOS...
Denial Of Service (DoS)
libtiff is vulnerable to denial of service DoS attacks. This allows remote attackers to affect the availability via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif...
Insufficient Entropy In Key Generation Algorithm
The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by...
Sandbox Restrictions Bypass
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...
Buffer Overflow
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...
Arbitrary File Read
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provide a stable release of Python 2.7 with a number of additional utilities and database connectors f...
Sandbox Restrictions Bypass
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking packet loss by setting an invalid M...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system...
Privilege Escalation
MySQL Server is vulnerable to privilege escalation. The vulnerability exists as an unspecified vulnerability in Oracle MySQL . This allows a remote authenticated user to manipulate with an unknown input. affected component is 'Privileges'...
Denial Of Service (DoS)
MySQL Server is vulnerable to denial of service DoS attacks. The vulnerability exists as an unspecified vulnerability in Oracle MySQL .This allows a remote authenticated user to manipulate with an unknown input, causing the application to crash. The affected component is InnoDB...
Use-After-Free
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Sensitive Information Disclosure
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...
Buffer Overflow
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...
Arbitrary Code Execution
libxfont is vulnerable to arbitrary code execution. An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format BDF fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the...
Spoofable Server
Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The moddavsvn module is used with the Apache HTTP Server to allow access to Subversion...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Information Disclosure
libvirt is vulnerable to information disclosure. It was discovered that the virDomainSnapshotGetXMLDesc and virDomainSaveImageGetXMLDesc functions did not sufficiently limit the usage of the VIRDOMAINXMLSECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a...
Arbitrary Code Execution
Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. The following security issues are fixed with this release: A use-after-free flaw was found in the way the MIT Kerberos libgssapikr...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the...
Buffer Overflow
The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...
Denial Of Service (DoS)
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...
Authentication Bypass
The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's cryptorecv, ctlputdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request...
Arbitrary Code Execution
The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's cryptorecv, ctlputdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request...
Use-after-Free
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...
Man-in-the-Middle Attack
nss-util is vulnerable to a man-in-the-middle attack. The library accepts a wildcard character that is embedded in an internationalized domain name's U-labels in the certTestHostName function in lib/certdb/certdb.c , allowing a malicious user to spoof SSL servers via a crafted certificate...
Denial Of Service (DoS)
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when...
Denial Of Service (DoS)
The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to...
Sandbox Restrictions Bypass
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
Same-Origin Policy Bypass
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Denial Of Service (DoS)
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload UFO feature was enabled. A remot...
Integer Overflow
Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly,...
Input Validation Bypass
Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly,...
Arbitrary Code Execution
KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the wa...