|Paid content will be excluded from the download.
| Matches : 2990
|Jann Horn of Google Project Zero discovered that APT, the high level package manager, does not properly handle errors when validating signatures on InRelease files. An attacker able to man-in-the-middle HTTP requests to an apt repository that uses InRelease files , can take advantage of this flaw to circumvent the signature of the InRelease file, leading to arbitrary code execution.
It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients depending on hardening options and malloc implementation.
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2017-8816 Alex Nichols discovered a buffer overrun flaw in the NTLM authentication code which can be triggered on 32bit systems where an integer overflow might occur when calculating the size of a memory allocation. CVE-2017-8817 Fuzzing by the OSS-Fuzz project led to the discovery of a read out of bounds flaw in the FTP wil ...
Multiple vulnerabilities have been found in Tor, a connection-based low-latency anonymous communication system.
Ben Hayak discovered that objects embedded in Writer and Calc documents may result in information disclosure. Please see https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/ for additional information.
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-14746 Yihan Lian and Zhibin Hu of Qihoo 360 GearTeam discovered a use-after-free vulnerability allowing a client to compromise a SMB server via malicious SMB1 requests. CVE-2017-15275 Volker Lendecke of ...
Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attackers to run an arbitrary shell command.
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.63, which includes additional changes, such as performance improvements and corrections for data loss defects. The packages in Debian stable are not known to be affected by this vulnerability. It is addressed in this update nonetheless, so future re ...
Matthew Hall discovered that GNUTLS does not properly handle truncated GenericBlockCipher structures nested inside TLS records, leading to crashes in applications using the GNUTLS library.
Matthew Hall discovered that many callers of the asn1_get_length_der function did not check the result against the overall buffer length before processing it further. This could result in out-of-bounds memory accesses and application crashes. Applications using GNUTLS are exposed to this issue.
Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   298
© 2013 SecPod Technologies