[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253562

 
 

909

 
 

197267

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6624 Download | Alert*

It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream. For additional defense-in-depth it is recommended to switch to the whitelist approach of XStream"s security framework. For additional information please refer to https://github.com ...

It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream. For additional defense-in-depth it is recommended to switch to the whitelist approach of XStream"s security framework. For additional information please refer to https://github.com ...

Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for information disclosure, denial of service or interfering with the VNC session of another user on the host.

Priyank Nigam discovered that HttpComponents Client, a Java HTTP agent implementation, could misinterpret malformed authority component in a request URI and pick the wrong target host for request execution.

It was discovered that libhibernate3-java, a powerful, high performance object/relational persistence and query service, is prone to an SQL injection vulnerability allowing an attacker to access unauthorized information or possibly conduct further attacks.

Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure.

Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure.

Several vulnerabilities were discovered in Sympa, a mailing list manager, which could result in local privilege escalation, denial of service or unauthorized access via the SOAP API. Additionally to mitigate CVE-2020-26880 the sympa_newaliases-wrapper is no longer installed setuid root by default. A new Debconf question is introduced to allow setuid installations in setups where it is needed.

Several vulnerabilities were discovered in Sympa, a mailing list manager, which could result in local privilege escalation, denial of service or unauthorized access via the SOAP API. Additionally to mitigate CVE-2020-26880 the sympa_newaliases-wrapper is no longer installed setuid root by default. A new Debconf question is introduced to allow setuid installations in setups where it is needed.

Multiple vulnerabilities have been discovered in the Xen hypervisor: Several security issues affecting Xenstore could result in cross domain access or denial of service against xenstored. Additional vulnerabilities could result in guest-to-host denial of service.


Pages:      Start    353    354    355    356    357    358    359    360    361    362    363    364    365    366    ..   662

© SecPod Technologies