[Forgot Password]
Login  Register Subscribe

25354

 
 

132811

 
 

146396

 
 

909

 
 

117043

 
 

156

 
 
Paid content will be excluded from the download.

Filter
Matches : 1830 Download | Alert*

Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current gedit working directory . This update provides fix for that vulnerability.

A vulnerability was discovered and corrected in krb5: The merge_authdata function in kdc_authdata.c in the Key Distribution Center in MIT Kerberos 5 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service , or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS re ...

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service via invalid ContextFlags data in the reqFlags field in a negTokenInit token . This update provides the fix for that security issue.

Multiple vulnerabilities has been found and corrected in krb5: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 1.5 through 1.6.3 allows remote attackers to cause a denial of service and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read . The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 Ge ...

Multiple vulnerabilities has been found and corrected in krb5: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 1.5 through 1.6.3 allows remote attackers to cause a denial of service and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read . The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT ...

A vulnerability was discovered and corrected in krb5-appl: ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a config ...

A vulnerability has been discovered and corrected in krb5-appl, heimdal and netkit-telnet: An unauthenticated remote attacker can cause a buffer overflow and probably execute arbitrary code with the privileges of the telnet daemon . In Mandriva the telnetd daemon from the netkit-telnet-server package does not have an initscript to start and stop the service, however one could rather easily craft a ...

Multiple vulnerabilities has been found and corrected in apache : Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp . XSS in mod_proxy_balancer manager interface . Additionally the ASF bug 53219 was resolved which provides a way to mitigate the CRIME attack vulnerability by disabling TLS-level compression. Use the ...

A vulnerability has been found and corrected in polkit: A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec . The updated packages have been patched to correct this issue.

A vulnerability was discovered and corrected in automake: The dist or distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package f ...


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   182

© SecPod Technologies