|Paid content will be excluded from the download.
| Matches : 3040
|It was discovered that exactimage, a fast image processing library, does not correctly handle error conditions of the embedded copy of dcraw. This could result in a crash or other behaviour in an application using the library due to an uninitialized variable being passed to longjmp. This is a different issue than CVE-2013-1438/DSA-2748-1.
Kingcope discovered that the mod_sftp and mod_sftp_pam modules of proftpd, a powerful modular FTP/SFTP/FTPS server, are not properly validating input, before making pool allocations. An attacker can use this flaw to conduct denial of service attacks against the system running proftpd .
Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0480 Florian Apolloner discovered that in certain situations, URL reversing could generate scheme-relative URLs which could unexpectedly redirect a user to a different host, leading to phishing attacks. CVE-20 ...
Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code.
Michal Zalewski and Hanno Boeck discovered several vulnerabilities in unrtf, a RTF to other formats converter, leading to a denial of service or, potentially, the execution of arbitrary code.
Jodie Cunningham discovered multiple vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.
Emanuele Rocca discovered that ppp, a daemon implementing the Point-to-Point Protocol, was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon.
Several vulnerabilities were discovered in Drupal, a content management framework: CVE-2015-6658 The form autocomplete functionality did not properly sanitize the requested URL, allowing remote attackers to perform a cross-site scripting attack. CVE-2015-6659 The SQL comment filtering system could allow a user with elevated permissions to inject malicious code in SQL comments. CVE-2015-6660 The fo ...
Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges.
Pages:      Start    281    282    283    284    285    286    287    288    289    290    291    292    293    294    ..   303
© 2013 SecPod Technologies