38332 matches found
Arbitrary File Overwrite
github.com/containers/libpod is vulnerable to arbitrary file overwrite. The vulnerability exists as it does not properly perform symlink processing and wild-card characters parsing, allowing for overwriting of existing files when an undesired glob operation occurs...
Use-After-Free
firefox is vulnerable to use-after-free. The vulnerability exists due to the manipulating video elements which allows an attacker to do a potentially exploitable crash in the application...
Information Disclosure
PHP is vulnerable to Information disclosure. When an attacker supplies malicious data, it causes the funciton gdImageCreateFromXbm to use the value of uninitialized variable...
Buffer Overflow
libpng is vulnerable to buffer overflow. The attack exists because of a flaw in PNM decoding which causes a stack overflow in the function gettoken in pnm2png.c in pnm2png...
Denial Of Service (DoS)
openjdk is vulnerable to denial of service. It was discovered that the implementation of the Throwable class in the Utilities component of OpenJDK did not sufficiently validate serial stream before deserializing suppressed exceptions. A specially-crafted input could cause a Java application to...
Buffer Overflow
QEMU is vulnerable to buffer overflows. A remote, unauthenticated attacker could cause a system crash due to device tree size manipulation before buffer allocation leading to denial of service conditions. Affected by this issue is the function loadimage of the file devicetree.c...
Denial Of Service (DoS)
imagemagick is vulnerable to denial of service. A use of uninitialized value flaw in the function ReadCUTImage in coders/cut.c allows an attacker to crash the application...
Unsafe Deserialization
jackson-databind is vulnerable to arbitrary code execution via unsafe deserrialization. Lack of object validation before deserialization allows an attacker to execute arbitrary code using polymorphic deserialization of a malicious gadget type...
Buffer Overflow
Mozilla Thunderbird is vulnerable to buffer overflow. It does not use correct alias information in IonMonkey JIT compiler for MArraySlice in Array.prototype.slice method...
Denial Of Service (DoS)
IBM SDK is vulnerable to denial of service DoS attacks. The vulnerability exists in the java.math component in IBM SDK. An attacker could cause a denial of service condition with specially crafted String data...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service DoS attacks. The vulnerability exists in an unknown code block in the library fs/xfs/libxfs/xfsattr.c of the component XFS File System because xfsattrshortformaddname in fs/xfs/libxfs/xfsattr.c mishandles ATTRREPLACE operations with conversion of an...
Privilege Escalation
Linux kernel is vulnerable to privilege escalation vulnerability. This exists in the function inodeinitowner of the file fs/inode.c. Local users could create files with an unintended group ownership and SGID permission bits set, when a directory is SGID and belongs to a certain group and is...
Memory Corruption
Linux kernel is vulnerable to memory corruption vulnerability. This is because the ALSA sequencer core initializes the event pool on demand by invoking sndseqpoolinit when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently causing an...
Use After Free
PHP is vulnerable to use after free vulnerability. The vulnerability exists in the wddxstackdestroy function in ext/wddx/wddx.c in PHP. Remote attackers could cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset...
Out-Of-Bounds Read
PHP is vulnerable to out-of-bounds read attacks. This exists in the phpwddxpushelement function in ext/wddx/wddx.c which allows remote attackers to cause a denial of service or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...
Denial Of Service (DoS)
Oracle Java SE is vulnerable to denial of service DoS attacks. The vulnerability exists in an unknown function of the component Security. An unauthenticated attacker with network access via multiple protocols could compromise Java SE, Java SE Embedded, JRockit causing a parital denial of service...
Denial Of Service (DoS)
Oracle MySQL is vulnerable to denial of serviceDoS attacks. A remote user could exploit a flaw in the Server: Pluggable Auth component which allows unauthorized attackers to cause frequently repeatable crash on the target system...
Denial Of Service (DoS)
QEMU is vulnerable to denial of serviceDoS attacks. This occurs in the xhciringfetch function in hw/usb/hcd-xhci.c which allows local guest OS administrators to cause a denial of service condition by leveraging failure to limit the number of link Transfer Request Blocks TRB to process...
Denial Of Service
Java SE and Java SE Embedded are vulnerable to denial of serviceDoS attacks. A remote user can exploit a flaw in the Serialization component to cause application crash resulting in partial denial of service conditions...
Denial Of Service (DOS)
Linux Kernel is vulnerable to denial of service DOS attacks. This is because Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack...
NULL Pointer Dereference
JasPer is vulnerable to NULL pointer dereference. A remote attacker could cause denial of service via a crafted BMP image in an imginfo command. This issue affects the function bmpgetdata of the file libjasper/bmp/bmpdec.c of the component imginfo...
Unauthorized Modification
Java SE and Java SE Embedded are vulnerable to unauthenticated modification attacks. An unauthenticated attacker can exploit a flaw in the Security component of OpenJDK which does not allow users to restrict the set of algorithms allowed for Jar integrity verification allowing an attacker to modi...
Authentication Bypass
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Sandbox Restrictions Bypass
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Ja...
Improper Input Validation
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provide a stable release of Python 2.7 with a number of additional utilities and database connectors f...
Insecure TLS Configurations
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java...
Information Disclosure
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Sandbox Protection Bypass
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...
Information Disclosure
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain...
Integer Overflow
The X11 Xorg libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol da...
Null Pointer Dereference
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...
Heap-Based Buffer Overflow
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...
Out-Of-Bounds Read
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...
Denial Of Service (DoS)
Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly available physical hardware. This update addresses the following issues: This package rebases mariadb-galera to 5.5.42, fixing an issue...
Information Disclosure
java is vulnerable to information disclosure. An unspecified vulnerability allows a remote attacker to affect confidentiality via vectors related to 2D...
Denial Of Service (DoS) Through Divide By Zero
LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash o...
Information Disclosure
php is vulnerable to information disclosure. The vulnerability exists as the phpinfo implementation in ext/standard/info.c does not ensure use of the string data type for the PHPAUTHPW, PHPAUTHTYPE, PHPAUTHUSER, and PHPSELF...
Denial Of Service (DoS)
Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. A race condition was found in the way N...
Denial Of Service (DoS)
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security TLS. The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One ASN.1 parsing and structures management, and Distinguished Encoding Rules DER...
Denial Of Service (DoS) Through A Race Condition
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A race condition leading to a use-after-free flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled the addition of fragments to the LRU Last-Recently Used list under certai...
Sandbox Restrictions Bypass
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
Unauthorized Access
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
Information Disclosure
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
Privilege Escalation
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
Privilege Escalation
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
NULL Pointer Dereference
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length ihl of zero were processed in the skbflowdissect function in the Linux kernel. A remote attacker could use this flaw to trigger an infinit...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Out-Of-Bounds Read
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Information Disclosure
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...