[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110210

 
 

909

 
 

86021

 
 

136

 
 
Paid content will be excluded from the download.

Filter
Matches : 3183 Download | Alert*

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584 Buffer underread in parsing HTTP responses CVE-2018-10545 Dumpable FPM child processes allowed the bypass of opcache access controls CVE-2018-10546 Denial of service via infinite loop in convert.iconv stream filter CVE-2018-10547 The fix for CVE-2018-5712 was incomplete CVE-2018- ...

It was discovered that the Soup HTTP library performed insuffient validation of cookie requests which could result in an out-of-bounds memory read.

Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages.

Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application"s root directory via specially crafted requests, when the Sprockets server is used in production.

It was discovered that XStream, a Java library to serialise objects to XML and back again, was suspectible to denial of service during unmarshalling.

Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.

Several vulnerabilites have been discovered in Exiv2, a C++ library and a command line utility to manage image metadata which could result in denial of service or the execution of arbitrary code if a malformed file is parsed.

Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster.

OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.

Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is enabled and the sshd PAM configuration is configured to read user- specified environment variables and the "UseLogin" option is enabled, a local user may escalate her privileges to root. In Debian "UseLogin" is not enabled by default.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   318

© SecPod Technologies