Category: CVE Validated

CVE-2015-3195 (api_gateway, communications_webrtc_session_controller, debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_tus, enterprise_linux_workstation, exalogic_infrastructure, fedora, http_server, integrated_lights_out_manager_firmware, leap, life_sciences_data_hub, linux, linux_enterprise_server, mac_os_x, openssl, opensuse, solaris, sun_ray_software, transportation_management, ubuntu_linux, vm_server, vm_virtualbox)

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows...

CVE-2013-0800 (debian_linux, enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_workstation, firefox, firefox_esr, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, opensuse, pixman, seamonkey, thunderbird, thunderbird_esr, ubuntu_linux)

Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR...

CVE-2011-4838 (jruby)

JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an...

CVE-2017-5594 (pagekit)

An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user’s password, when the debug toolbar is enabled. The password is successfully recovered...

CVE-2012-0394 (struts)

** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this...
