Displaying vulnerability details 1 - 10 of 64713 in total

FreeBSD: tarsnap -- buffer overflow and local DoS Vulnerability

  • Severity: 4
  • Published: August 20, 2015

Colin Percival reports: 1. SECURITY FIX: When constructing paths of objects being archived, a buffer could overflow by one byte upon encountering 1024, 2048, 4096, etc. byte paths. Theoretically this could be exploited by an unprivileged user whose files are being archived; I do not believe it is exploitable ...

FreeBSD: vlc -- arbitrary pointer dereference vulnerability (CVE-2015-5949) Vulnerability

  • Severity: 4
  • Published: August 19, 2015

oCERT reports: The stable VLC version suffers from an arbitrary pointer dereference vulnerability. The vulnerability affects the 3GP file format parser; insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific 3GP file can be crafted to ...

FreeBSD: drupal -- multiple vulnerabilities Vulnerability

  • Severity: 4
  • Published: August 18, 2015

Drupal development team reports: This security advisory fixes multiple vulnerabilities. See below for a list. Cross-site Scripting - Ajax system - Drupal 7 A vulnerability was found that allows a malicious user to perform a cross-site scripting attack by invoking Drupal.ajax() on a whitelisted HTML elem...

RHSA-2015:1640: pam security update Vulnerability

  • Severity: 4
  • Published: August 17, 2015

An updated pam package that fixes one security issue is now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References s...

Amazon Linux AMI: Security patch for php54 (ALAS-2015-583) (multiple CVEs) Vulnerability

  • Severity: 4
  • Published: August 17, 2015

PHP process crashes when processing an invalid file with the "phar" extension. (CVE-2015-5589)

As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. (CVE-2015-3152)

PHP versions before 5.5.27 and 5.4.43 contain a buffer overflow issue. (CVE-201...

FreeBSD: django -- multiple vulnerabilities (Multiple CVEs) Vulnerability

  • Severity: 4
  • Published: August 17, 2015

Tim Graham reports: Denial-of-service possibility in logout() view by filling session store Previously, a session could be created when anonymously accessing the django.contrib.auth.views.logout view (provided it wasn't decorated with django.contrib.auth.decorators.login_required as done in the admin)...

Amazon Linux AMI: Security patch for php55 (ALAS-2015-584) (multiple CVEs) Vulnerability

  • Severity: 4
  • Published: August 17, 2015

PHP process crashes when processing an invalid file with the "phar" extension. (CVE-2015-5589)

As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. (CVE-2015-3152)

PHP versions before 5.5.27 and 5.4.43 contain a buffer overflow issue. (CVE-201...

USN-2720-1: Django vulnerability Vulnerability

  • Severity: 4
  • Published: August 17, 2015

Lin Hua Cheng discovered that Django incorrectly handled the session store. A remote attacker could use this issue to cause the session store to fill up, resulting in a denial of service. The problem can be corrected by updating your system to the following package version: To update your system, please follow these instructions: https://...

Amazon Linux AMI: Security patch for php56 (ALAS-2015-585) (multiple CVEs) Vulnerability

  • Severity: 4
  • Published: August 17, 2015

PHP process crashes when processing an invalid file with the "phar" extension. (CVE-2015-5589)

As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. (CVE-2015-3152)

PHP versions before 5.5.27 and 5.4.43 contain a buffer overflow issue. (CVE-201...