[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6547 Download | Alert*

Multiple vulnerabilities have been discovered in GnuTLS, a library implementing the TLS and SSL protocols. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0282 GnuTLS does not verify the RSA PKCS #1 signature algorithm to match the signature algorithm in the certificate, leading to a potential downgrade to a disallowed algorithm without detecting it. CV ...

A path traversal vulnerability was discovered in Mailman, the mailing list manager. Installations using a transport script to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully exploit this, an attacker needs write access on the local file system.

Abhishek Arya discovered a buffer overflow in the MakeBigReq macro provided by libx11, which could result in denial of service or the execution of arbitrary code. Several other xorg packages will be recompiled against the fixed package after the release of this update. For detailed information on the status of recompiled packages please refer to the Debian Security Tracker at https://security-tra ...

It was discovered that missing input sanitising in Libreoffice"s filter for HWP documents may result in the execution of arbitrary code if a malformed document is opened.

Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html This update removes the insecure FLIC file format plugin.

Chris Evans discovered that the GStreamer 1.0 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html

Jose Duart of the Google Security Team discovered a double free flaw and a heap-based buffer overflow flaw in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. This update corrects this flaw in the copy that is embedded in the libyaml-libyaml-perl package.

Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the "mail" command: CVE-2004-2771 mailx interprets interprets shell meta-characters in certain email addresses. CVE-2014-7844 An unexpected feature of mailx treats syntactically valid email addresses as shell commands to execute. Shell command execution can be re-enabled using the "expandaddr" ...


Pages:      Start    390    391    392    393    394    395    396    397    398    399    400    401    402    403    ..   654

© SecPod Technologies