[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 3014 Download | Alert*

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-7092 Jeremie Boutoille of Quarkslab and Shangcong Luan of Alibaba discovered a flaw in the handling of L3 pagetable entries, allowing a malicious 32-bit PV guest administrator can escalate their privilege to that of the host. CVE-2016-70 ...

Nick Wellnhofer discovered that the xsltFormatNumberConversion function in libxslt, an XSLT processing runtime library, does not properly check for a zero byte terminating the pattern string. This flaw can be exploited to leak a couple of bytes after the buffer that holds the pattern string.

A use-after-free vulnerability in the SVG Animation was discovered in the Mozilla Firefox web browser, allowing a remote attacker to cause a denial of service or execute arbitrary code, if a user is tricked into opening a specially crafted website.

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to hijack victims" credentials, access sensitive information, execute arbitrary commands, bypass read and post restrictions, or mount denial-of-service attacks.

Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability.

George Noseevich discovered that firebird2.5, a relational database system, did not properly check User-Defined Functions , thus allowing remote authenticated users to execute arbitrary code on the firebird server.

Two vulnerabilities have been found in the MySQL Connector/J JDBC driver.

It was discovered that unrestricted YAML deserialisation of data sent from agents to the server in the Puppet configuration management system could result in the execution of arbitrary code. Note that this fix breaks backward compability with Puppet agents older than 3.2.2 and there is no safe way to restore it. This affects puppet agents running on Debian wheezy; we recommend to update the the pu ...

Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a library to access Zip archives, which could result in denial of service and potentially the execution of arbitrary code if a malformed archive is processed.

Pages:      Start    279    280    281    282    283    284    285    286    287    288    289    290    291    292    ..   301

© 2013 SecPod Technologies