[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252271

 
 

909

 
 

196835

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15178 Download | Alert*

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces . Specifically, it is only vulnerable in GOPATH mode, but not in module mode . The attacker can cause an arbitrary filesystem write, which can lead to code execution.

Netwide Assembler 2.14rc15 has an invalid memory write in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.

Netwide Assembler 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $and ! characters.

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a usersession remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.

An issue was discovered in zziplib-bin through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps-dev through 0.3.0because it does not reject negative return values from ag_input_stream_read call. A crafted input will lead to a remote denial of service attack.

An issue was discovered in GEGL through 0.3.32. Thegegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to thebabl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.

There is an illegal address access at asm/preproc.c in Netwide Assembler 2.14rc16 that will cause a denial of service because a certain conversion can result in a negative integer.

Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure vulnerability in DNS resolver that can result in PrivateDNS queries leaked to local network"s DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages we refixed, but later updates removed the fix. cf.https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not a ...


Pages:      Start    639    640    641    642    643    644    645    646    647    648    649    650    651    652    ..   1517

© SecPod Technologies