[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 3014 Download | Alert*

Several vulnerabilities have been fixed in eglibc, Debian"s version of the GNU C library: CVE-2015-0235 Qualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument. This could be used by an attacker to execute arbitrary code in processes which called the affected functions. The original glibc bug was reporte ...

Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2014-4975 The encodes function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service or arbitrary code execution. CVE-2014-8080, CVE-2014-8090 The REXML parser could be coerced into allocating large string objects that ...

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1291 A cross-origin bypass issue was discovered in DOM. CVE-2015-1292 Mariusz Mlynski discovered a cross-origin bypass issue in ServiceWorker. CVE-2015-1293 Mariusz Mlynski discovered a cross-origin bypass issue in DOM. CVE-2015-1294 cloudfuzzer discovered a use-after-free issue in the Skia graphics library. CVE-201 ...

Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application"s settings.

Isaac Boukris discovered that cURL, an URL transfer library, reused NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for the new transfer. This could lead to HTTP requests being sent over the connection authenticated as a different user.

The upgrade to Samba 4.2 issued as DSA-3548-1 introduced a packaging regression causing an additional dependency on the samba binary package for the samba-libs, samba-common-bin, python-samba and samba-vfs-modules binary packages. Updated packages are now available to address this problem.

Two vulnerabilities were discovered in Symfony, a PHP framework. CVE-2016-1902 Lander Brandt discovered that the class SecureRandom might generate weak random numbers for cryptographic use under certain settings. If the functions random_bytes or openssl_random_pseudo_bytes are not available, the output of SecureRandom should not be consider secure. CVE-2016-4423 Marek Alaksa from Citadelo discover ...

Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-c library. Additionally this update includes an enhancement to enable applications to fully disable DTD ...

It was discovered that redis, a persistent key-value database, did not properly protect redis-cli history files: they were created by default with world-readable permissions. Users and systems administrators may want to proactively change permissions on existing ~/rediscli_history files, instead of waiting for the updated redis-cli to do so the next time it is run.

Pages:      Start    286    287    288    289    290    291    292    293    294    295    296    297    298    299    ..   301

© 2013 SecPod Technologies