[Forgot Password]
Login  Register Subscribe

24547

 
 

132804

 
 

129694

 
 

909

 
 

106691

 
 

152

 
 
Paid content will be excluded from the download.

Filter
Matches : 3983 Download | Alert*

Multiple security issues were found in jackson-databind, a Java library to parse JSON and other data formats which could result in information disclosure or the execution of arbitrary code.

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

Cedric Buissart from Red Hat discovered an information disclosure bug in pcs, a pacemaker command line interface and GUI. The REST interface normally doesn"t allow passing --debug parameter to prevent information leak, but the check wasn"t sufficient.

Multiple vulnerabilities were discovered in Ceph, a distributed storage and file system: The cephx authentication protocol was suspectible to replay attacks and calculated signatures incorrectly, "ceph mon" did not validate capabilities for pool operations and a format string vulnerability in libradosstriper could result in denial of service.

Several vulnerabilities were discovered in python-django, a web development framework. They could lead to remote denial-of-service or SQL injection,

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16395 Tyler Eckstein reported that the equality check of OpenSSL::X509::Name could return true for non-equal objects. If a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibi ...

Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed. This update includes a bugfix for a regression introduced by the patch to address CVE-2018-1000156 when applying an ed-style patch .

Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed. This update includes a bugfix for a regression introduced by the patch to address CVE-2018-1000156 when applying an ed-style patch .

Florian Grunow und Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrary files via mail attachment.

Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, that could be leveraged to cause a denial of service or possibly remote code execution. CVE-2017-17480 Write stack buffer overflow in the jp3d and jpwl codecs can result in a denial of service or remote code execution via a crafted jp3d or jpwl file. CVE-2018-5785 Integer overflow can result in a denial of ...


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   398

© SecPod Technologies