cve details

The method of using PCRE regular-Expression Vulnerability CVE-2015-0318 in Flash0x00 Preface Issue 199/PSIRT-3161/CVE-2015-0318 Brief Introduction: The PCRE Regular Expression parsing engine used by Flash Note: Obviously, this engine has a vulnerability. You can see the vulnerability information on the above issue page. 0x01 background /* For \c, a following letter is upper-cased; then the 0x40 bit is flip

PHP DoS Vulnerability (CVE-2014-3669) Release date:Updated on: Affected Systems:PHPDescription:Bugtraq id: 70611CVE (CAN) ID: CVE-2014-3669 PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML. PHP versions earlier than 5.5.18 have a denial of service vulnerability. Attackers can exploit this vulnerability to cause the affected applications

OpenVPN DoS Vulnerabilities (CVE-2014-8104) Release date: 2014-12-01Updated on: 2014-6 6 Affected Systems:OpenVPN OpenVPN Access Server Description:Bugtraq id: 71402CVE (CAN) ID: CVE-2014-8104 OpenVPN is an open-source ssl vpn toolkit. In versions earlier than OpenVPN 2.3.6 and earlier than OpenVPN Access Server 2.0.11, an error occurred while parsing control channel data packets. Attackers can exploit

Wireshark RTP parser DoS Vulnerability (CVE-2014-6421) Release date:Updated on: Affected Systems:Wireshark 1.12.0Description:Bugtraq id: 69855CVE (CAN) ID: CVE-2014-6421 Wireshark is the most popular network protocol parser. Wireshark 1.12.0 has a denial of service vulnerability. Attackers can exploit this vulnerability to crash affected applications. *> Suggestion:Vendor patch: Wireshark---------The

Google Chrome information leakage (CVE-2014-3173) Release date:Updated on: Affected Systems:Google Chrome Description:--------------------------------------------------------------------------------Bugtraq id: 69403CVE (CAN) ID: CVE-2014-3173Google Chrome is a Web browser tool developed by Google.Before Chrome 37.0.2062.94, The WebGL implementation has the uninitialized memory read vulnerability. Attacker

Google Chrome Heap Buffer Overflow Vulnerability (CVE-2014-3157) Release date:Updated on: Affected Systems:Google Chrome Description:--------------------------------------------------------------------------------Bugtraq id: 67972CVE (CAN) ID: CVE-2014-3157Google Chrome is a Web browser tool developed by Google.In versions earlier than Chrome 35.0.1916.153, The FFmpegVideoDecoder: GetVideoBuffer function in

Apache Hive Security Restriction Bypass Vulnerability (CVE-2014-0228) Release date:Updated on: Affected Systems:Apache Group HiveDescription:--------------------------------------------------------------------------------Bugtraq id: 68039CVE (CAN) ID: CVE-2014-0228Apache Hive is a database software that facilitates query and management of large datasets on distributed storage devices.Apache Hive 0.6.2 and

OpenSSL NULL pointer indirect reference Local Denial of Service Vulnerability (CVE-2014-5139) Release date:Updated on: Affected Systems:OpenSSL Project OpenSSL Description:--------------------------------------------------------------------------------Bugtraq id: 69077CVE (CAN) ID: CVE-2014-5139OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. I

Wireshark ASN.1 BER parser DoS Vulnerability (CVE-2014-5165) Release date:Updated on: Affected Systems:Wireshark Description:--------------------------------------------------------------------------------Bugtraq id: 69000CVE (CAN) ID: CVE-2014-5165Wireshark is the most popular network protocol parser.In the ASN.1 BER parser of Wireshark 1.10.0-1.10.8, The dissect_ber_constrained_bitstring function in the e

Apache Struts 2 Remote Code Execution Vulnerability Analysis (CVE-2016-0785) Apache Struts 2 is one of the world's most popular Java Web Server frameworks. Unfortunately, a security researcher found a remote code execution vulnerability on Struts 2. At present, Apache has released an announcement that the risk level of this vulnerability is high.Encyclopedia of the red/Black Alliance: Struts 2Struts 2 is the next-generation product of Struts. It is a

Tags: method Oracle database Use lang query sys serve problem extraIn this article, we will work together to analyze the Oracle database's XXE Injection Vulnerability (cve-2014-6577), which was released by Oracle on January 20 with patches for this vulnerability. For XXE related knowledge, you can check the security pulse station in another article, "Unknown attack to know how to prevent--xxe loopholes defense." Vulnerability Description The XML parse

GNU Bash incomplete fix Remote Code Execution Vulnerability (CVE-2014-6278) Release date:Updated on: Affected Systems:GNU Bash Description:Bugtraq id: 70166CVE (CAN) ID: CVE-2014-6278 Bash, a Unix shell, was written by Brian fox for the GNU program in 1987. The GNU Bash 4.3 bash43-026 and earlier versions do not properly parse function definitions in environment variable values, which allows remote attacker

cve-2017-12617 Severe Remote Code Execution (RCE) vulnerability found in Apache Tomcat Affects systems with HTTP put enabled (by setting the default servlet read-only initialization parameter to false). If the default servlet parameter is read-only set to False, or the default servlet is configured, The Tomcat version before 9.0.1 (Beta), 8.5.23,8.0.47, and 7.0.82 contains potentially dangerous remote code execution on all operating systems (RCE) The

Release date:Updated on: Affected Systems:PostgreSQL 8.xDescription:--------------------------------------------------------------------------------Bugtraq id: 65721CVE (CAN) ID: CVE-2014-0067 PostgreSQL is an advanced object-relational database management system that supports extended SQL standard subsets. When PostgreSQL versions earlier than 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20 run the "make check" regression test in the constructor tree, th

Release date:Updated on: Affected Systems:PostgreSQL 9.3.xPostgreSQL 9.2.xPostgreSQL 9.1.xPostgreSQL 9.0.xDescription:--------------------------------------------------------------------------------Bugtraq id: 66557CVE (CAN) ID: CVE-2014-2669PostgreSQL is an advanced object-relational database management system that supports extended SQL standard subsets.PostgreSQL 9.0.16, 9.1.12, 9.2.7, and 9.3.3 have multiple integer overflow vulnerabilities in cont

Release date:Updated on: Affected Systems:Apache Group Tomcat 8.0.0-RC1-8.0.3Apache Group Tomcat 7.0.0-7.0.52Apache Group Tomcat 6.0.0-6.0.39Description:--------------------------------------------------------------------------------Bugtraq id: 67671CVE (CAN) ID: CVE-2014-0075Apache Tomcat is a popular open-source JSP application server program.Apache Tomcat 8.0.0-RC1-8.0.3, 7.0.0-7.0.52, 6.0.0-6.0.39 versions have security vulnerabilities on malforme

Play bad vulnerability: Let the CVE-2014-4113 overflow Win8 1. Introduction In October 14, 2014, Crowdstrike and FireEye published an article describing a new Windows Elevation of Privilege Vulnerability.Articles about CrowdstrikeMing: This new vulnerability was discovered by hurricane panda, a highly advanced attack team. Before that, it had been at least five months before the vulnerability was exploited by HURRICANE pandatv. After Microsoft release

Release date:Updated on: Affected Systems:Apache Group Camel Apache Group Camel Description:--------------------------------------------------------------------------------CVE (CAN) ID: CVE-2014-0002 Apache Camel is an open-source integration framework based on a known enterprise-level integration model. The XSLT components of Apache Camel 2.11.0-2.11.3 and Apache Camel 2.12.0-2.12.2 use xslt routines to pa

Process and conclusion of CVE-2014-4423 Analysis Introduction Some time ago, "steamed rice" published an article on its blog "phishing attack (stealing the App Store password) on a non-jailbreaking iPhone 6 (iOS 8.1.3 )", try to reproduce the entire process after seeing the article. Since "steamed rice" clearly describes the entire process, combined with Apple's related documents, it quickly realizes background running, round robin check App running,

Unbound Security Restriction Bypass Vulnerability (CVE-2017-15105)Unbound Security Restriction Bypass Vulnerability (CVE-2017-15105) Release date:Updated on:Affected Systems: Unbound Description: Bugtraq id: 102817CVE (CAN) ID: CVE-2017-15105Unbound is a recursive and cached DNS parser.Unbound 1.6.8 and earlier versions have security vulnerabilities in the