
It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when "noscript" and one or more raw text tags were whitelisted.

Felix Wilhelm of Google Project Zero discovered that HAProxy, a TCP/HTTP reverse proxy, did not properly handle HTTP/2 headers. This would allow an attacker to write arbitrary bytes around a certain location on the heap, resulting in denial-of-service or potential arbitrary code execution.

A flaw was reported in the DTLS protocol implementation in GnuTLS, a library implementing the TLS and SSL protocols. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol.

Three vulnerabilities have been found in the MySQL Connector/J JDBC driver.

The following vulnerability has been discovered in the webkit2gtk web engine. CVE-2020-11793: Cim Stordal discovered that maliciously crafted web content may lead to arbitrary code execution or a denial of service.

Bernd Edlinger discovered that malformed data passed to the SSL_check_chain function during or after a TLS 1.3 handshake could cause a NULL dereference, resulting in denial of service. The oldstable distribution is not affected.

It was discovered that insufficient sanitising of received network packets in the game server of Teeworlds, an online multi-player platform 2D shooter, could result in denial of service.

A vulnerability was found in the EC2 credentials API of Keystone, the OpenStack identity service: Any user authenticated within a limited scope could create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role.

Stephan Zeisberg discovered that the libreswan IPsec implementation could be forced into a crash/restart via a malformed IKEv1 Informational Exchange packet, resulting in denial of service.

Several vulnerabilities were discovered in the Dovecot email server, which could cause crashes in the submission, submission-login or lmtp services, resulting in denial of service.



© SecPod Technologies