
Displaying vulnerability details 1 - 10 of 64713 in total

FreeBSD: tarsnap -- buffer overflow and local DoS Vulnerability

  • Severity: 4
  • Published: August 20, 2015

Colin Percival reports: 1. SECURITY FIX: When constructing paths of objects being archived, a buffer could overflow by one byte upon encountering 1024, 2048, 4096, etc. byte paths. Theoretically this could be exploited by an unprivileged user whose files are being archived; I do not believe it is exploitable ...

FreeBSD: vlc -- arbitrary pointer dereference vulnerability (CVE-2015-5949) Vulnerability

  • Severity: 4
  • Published: August 19, 2015

oCERT reports: The stable VLC version suffers from an arbitrary pointer dereference vulnerability. The vulnerability affects the 3GP file format parser; insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific 3GP file can be crafted to ...

FreeBSD: drupal -- multiple vulnerabilities Vulnerability

  • Severity: 4
  • Published: August 18, 2015

Drupal development team reports: This security advisory fixes multiple vulnerabilities. See below for a list. Cross-site Scripting - Ajax system - Drupal 7 A vulnerability was found that allows a malicious user to perform a cross-site scripting attack by invoking Drupal.ajax() on a whitelisted HTML elem...

Amazon Linux AMI: Security patch for php55 (ALAS-2015-584) (multiple CVEs) Vulnerability

  • Severity: 4
  • Published: August 17, 2015

PHP process crashes when processing an invalid file with the "phar" extension. (CVE-2015-5589)

As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. (CVE-2015-3152)

PHP versions before 5.5.27 and 5.4.43 contain a buffer overflow issue. (CVE-201...

MS15-093: Security Update for Internet Explorer (3088903) Vulnerability

  • Severity: 4
  • Published: August 17, 2015

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Amazon Linux AMI: Security patch for php56 (ALAS-2015-585) (multiple CVEs) Vulnerability

  • Severity: 4
  • Published: August 17, 2015

PHP process crashes when processing an invalid file with the "phar" extension. (CVE-2015-5589)

As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. (CVE-2015-3152)

PHP versions before 5.5.27 and 5.4.43 contain a buffer overflow issue. (CVE-201...

FreeBSD: django -- multiple vulnerabilities (Multiple CVEs) Vulnerability

  • Severity: 4
  • Published: August 17, 2015

Tim Graham reports: Denial-of-service possibility in logout() view by filling session store. Previously, a session could be created when anonymously accessing the django.contrib.auth.views.logout view (provided it wasn't decorated with django.contrib.auth.decorators.login_required as done in the admin)...

USN-2720-1: Django vulnerability Vulnerability

  • Severity: 4
  • Published: August 17, 2015

Lin Hua Cheng discovered that Django incorrectly handled the session store. A remote attacker could use this issue to cause the session store to fill up, resulting in a denial of service. The problem can be corrected by updating your system to the following package version: To update your system, please follow these instructions: https://...

ELSA-2015-1640 Moderate: Oracle Linux pam security update Vulnerability

  • Severity: 4
  • Published: August 17, 2015

Oracle Linux Security Advisory ELSA-2015-1640 http://linux.oracle.com/errata/ELSA-2015-1640.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: pam-1.1.8-12.el7_1.1.i686.rpm pam-1.1.8-12.el7_1.1.x86_64.rpm pam-devel-1.1.8-12.el7_1.1.i686.rpm pam-devel-1.1.8-12.el7_1.1.x86_64...