|Paid content will be excluded from the download.
| Matches : 2990
|It was discovered that the acpi-support update for DSA-2984-1 would make a laptop"s power button forcibly shut the system down, instead of triggering the configured action . This only affects systems using the gnome-settings-daemon. For reference, the original advisory follows. CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ ...
Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/08/wordpress-3-9-2/
Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client: CVE-2014-3694 It was discovered that the SSL/TLS plugins failed to validate the basic constraints extension in intermediate CA certificates. CVE-2014-3695 Yves Younan and Richard Johnson discovered that emotictons with overly large length values could crash Pidgin. CVE-2014-3696 Yves Younan and Rich ...
James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures.
It was discovered that libgtk2-perl, a Perl interface to the 2.x series of the Gimp Toolkit library, incorrectly frees memory which GTK+ still holds onto and might access later, leading to denial of service or, potentially, to arbitrary code execution.
Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on Elgamal decryption performance. CVE-2015-0837 The modular exponentiation routine mpi_po ...
Multiple vulnerabilities have been discovered in PHP: CVE-2015-4025 / CVE-2015-4026 Multiple function didn"t check for NULL bytes in path names. CVE-2015-4024 Denial of service when processing multipart/form-data requests. CVE-2015-4022 Integer overflow in the ftp_genlist function may result in denial of service or potentially the execution of arbitrary code. CVE-2015-4021 CVE-2015-3329 CVE-2015-2 ...
Several security issues have been found in the server components of the version control system subversion. CVE-2015-3184 Subversion"s mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous access may be possible to files for which only authenticated access should be possible. This issue ...
Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName entries leads to double free. A remote attacker can take advantage of this flaw by creating a specially crafted certificate that, when processed by an application compiled against GnuTLS, could cause the application to crash resulting in a denial of service.
Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitary code by injecting commands via crafted URLs.
Pages:      Start    276    277    278    279    280    281    282    283    284    285    286    287    288    289    ..   298
© 2013 SecPod Technologies