[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6552 Download | Alert*

A vulnerability was found in the EC2 credentials API of Keystone, the OpenStack identity service: Any user authenticated within a limited scope could create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role.

Stephan Zeisberg discovered that the libreswan IPsec implementation could be forced into a crash/restart via a malformed IKEv1 Informational Exchange packet, resulting in denial of service.

Several vulnerabilities were discovered in the Dovecot email server, which could cause crashes in the submission, submission-login or lmtp services, resulting in denial of service.

Two vulnerabiliites have been discovered in PDNS Recursor, a resolving name server; a traffic amplification attack against third party authoritative name servers and insufficient validation of NXDOMAIN responses lacking an SOA. The version of pdns-recursor in the oldstable distribution is no longer supported. If these security issues affect your setup, you should upgrade to the stable distributi ...

Two vulnerabiliites have been discovered in Unbound, a recursive-only caching DNS server; a traffic amplification attack against third party authoritative name servers and insufficient sanitisation of replies from upstream servers could result in denial of service via an infinite loop. The version of Unbound in the oldstable distribution is no longer supported. If these security issues affect yo ...

Multiple vulnerabilities were discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code by malicious guests/containers.

Etienne Champetier discovered that Docker, a Linux container runtime, created network bridges which by default accept IPv6 router advertisements. This could allow an attacker with the CAP_NET_RAW capability in a container to spoof router advertisements, resulting in information disclosure or denial of service.

A flaw was reported in the TLS session ticket key construction in GnuTLS, a library implementing the TLS and SSL protocols. The flaw caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a man-in-the-middle attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2.

Matei Badanoiu and LoRexxar@knownsec discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform a Cross-Side Scripting attack leading to the execution of arbitrary code.

An out-of-bounds write vulnerability due to an integer overflow was reported in libexif-dev, a library to parse EXIF files, which could result in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed.


Pages:      Start    341    342    343    344    345    346    347    348    349    350    351    352    353    354    ..   655

© SecPod Technologies