38341 matches found
Information Disclosure
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when...
Authorization Bypass
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length heade...
Denial Of Service (DoS)
The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to...
Heap-based Buffer Over-read
OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or,...
NULL Pointer Dereference
Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly,...
Denial Of Service (DoS)
Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly,...
Arbitrary Code Execution
KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the wa...
Sandbox Restrictions Bypass
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
Arbitrary Code Execution
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Arbitrary Code Execution
java is vulnerable to arbitrary code execution. The vulnerability exists through missing package access checks in the Naming/JNDI component...
Authorization Bypass
java is vulnerable to authorization bypass. The vulnerability exists through Scripting...
Arbitrary Code Execution
OpenJDK is vulnerable to arbitrary code execution. The attack is due to a flaw which allows an untrusted Java application or applet to bypass certain Java sandbox restrictions...
Sandbox Restrictions Bypass
openjdk is vulnerable to sandbox restrictions bypass. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions and affect confidentiality, integrity and availability via vectors related to 2D...
Arbitrary Code Execution
firefox/thunderbird is vulnerable to arbitrary code execution. A remote attacker is able to corrupt memory which could lead to arbitrary code execution or an application crash...
Denial Of Service (DoS)
MySQL is vulnerable to denial of service DoS. It allows remote attackers to affect availability via unknown vectors...
Denial Of Service (DoS)
MySQL is vulnerable to denial of service DoS. It allows remote attackers to affect availability via unknown vectors...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Same-Origin Policy Bypass
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Sandbox Restrictions Bypass
OpenJDK 7 Java Runtime Environment and Software Development Kit is susceptible to sandbox restriction bypass. Due to the flaws in ImagingLib and the image attribute, channel, layout and raster processing in the 2D component, it does not prevent an untrusted Java application or applet to trigger...
Denial Of Service (DoS)
Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF Extensible Record Format capture files. If Wireshark opened a...
Input Validation Bypass
OpenShift Enterprise is a cloud computing Platform-as-a-Service PaaS solution from Red Hat, and is designed for on-premise or private cloud deployments. A flaw was found in the handling of paths provided to ruby193-rubygem-rack. A remote attacker could use this flaw to conduct a directory travers...
Bypass Policy
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Spoofing Vulnerability
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...
Authorization Bypass
JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface JNDI Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract...
Information Disclosure
kernel-rt is vulnerable to information disclosure. Local users are able to obtain confidential information from the kernel stack memory via recvfrom or recvmsgsystem call on an RDS socket. due to failure to initialize certain structure member in the rdsrecvmsg function in net/rds/recv.c...
Remote Code Execution (RCE)
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Denial Of Service (DoS)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update...
Authorization Bypass
libxslt.so is vulnerable to authorization bypass. The callers of xsltCheckRead and xsltCheckWrite allow access upon receiving a -1 error code, which is invalid for a URL but is subsequently loaded...
Firewall Misconfiguration
github.com/containernetworking/plugins contains firewall misconfigurations. The misconfiguration causes the HostPort/portmap rule to take precedence on matching incoming traffic even if there are earlier rules or better fitting rules in the iptables nat chains...
Cross-Site Scripting (XSS)
Mort Bay Jetty is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary web script or HTML via the query string to jsp/dump.jsp in the JSP Dump feature, the Name and Value parameter in the default URI for the Session Dump Servlet under session/...
Cross-Site Request Forgery (CSRF)
wordpress is vulnerable to cross-site request forgery CSRF. The vulnerability exists as it does not have any CSRF protections in place to prevent forged request when posting comments. Moreover, a lack of comment content filtering when an administrative user posts a comment, allows a remote attack...
Denial Of Service (DoS)
libsystemd.so is vulnerable to denial of service. A local attacker is able to cause a kernel panic by sending a malicious DBUS message which would cause a stack-based buffer overflow in the function busprocessobject in bus-objects.c...
Malicious Container Execution
github.com/opencontainers/runc is vulnerable to Malicious Container Execution. It does not properly perform the file-descriptor handling which allows a malicious user to overwrite the host runc binary and subsequently executing containers such as 1 a new container with an attacker-controlled imag...
Arbitrary Command Execution
ghostscript is vulnerable to arbitrary command execution. An incomplete fix for CVE-2018-16509 allows an attacker to exploit another variant of the vulnerability and bypass the -dSAFER protection to execute arbitrary command via malicious PostScript documents...
Denial Of Service (DoS)
libsystemd.so is vulnerable to denial of service. A malicious DHCP server in the adjacent network is able to corrupt heap memory in the DHCPv6 client via a crafted options packet, resulting in a denial of service condition or possible code execution...
Denial Of Service (DoS)
389-ds-base is vulnerable to denial of service DoS attacks. The vulnerability exists as a flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the dosearch function. An unauthenticated attacker could use this flaw to provoke a denial ...
Privilege Escalation
glibc is vulnerable to privilege escalation attacks. The vulnerability exists as elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a...
Arbitrary Code Execution
richfaces is vulnerable to arbitrary code execution attacks. The vulnerabitiy exists as JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language EL expressions and execute arbitrary Java code via a /DATA/ substring in a path with an...
Information Disclosure
Systems with microprocessors utilizing speculative execution and address translations are vulnerable to information disclosure. An L1TF issue allows an unprivileged attacker to read privileged memory of the kernel or other processes by conducting targeted cache side-channel attacks...
Arbitrary Code Execution
jbossas is vulnerable to arbitrary code execution attacks. The vulnerability exists as Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it...
Arbitrary Code Execution
glibc is vulnerable to arbitrary code execution. A buffer overflow vulnerability in the glob function in glob.c, caused by an off-by-one error, allows an attacker to execute arbitrary code and escalate his privileges...
Memory Corruption
kernel-rt is vulnerable to arbitrary code execution attacks. The vulnerability exists as the Linux Kernel version 3.18 contains a dangerous feature vulnerability in modifyuserhwbreakpoint that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code...
Arbitrary Code Execution
patch is vulnerable to arbitrary code execution attacks. The vulnerability exists as GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitabl...
ASLR Bypass
kernel-rt is vulnerable to ASLR bypass attacks. The vulnerability exists as the archpickmmaplayout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the...
Privilege Escalation
kernel is vulnerable to privilege escalation attacks. The vulnerability exists as an elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate becau...