[Forgot Password]
Login  Register Subscribe

25354

 
 

132804

 
 

134312

 
 

909

 
 

108836

 
 

152

 
 
Paid content will be excluded from the download.

Filter
Matches : 4057 Download | Alert*

Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in cross-site scripting, denial of service, information disclosure or Kerberos user impersonation.

Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-8824 Mohamed Ghannam discovered that the DCCP implementation did not correctly manage resources when a socket is disconnected and reconnected, potentially leading to a use-after-free. A local user could use this for denial of service or possibl ...

The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments. This might allow to mount a code injection attack into a browser consuming sanitized output.

"shamger" and Carlo Cannas discovered that a programming error in Varnish, a state of the art, high-performance web accelerator, may result in disclosure of memory contents or denial of service. See https://varnish-cache.org/security/VSV00002.html for details.

Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R package to read Excel files , which could result in the execution of arbitrary code if a malformed spreadsheet is processed.

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. I ...

Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2015-3165 SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 The replacement implementation of snprintf failed to check for errors reported by the underlying system library calls; the main case that might be missed is out-of-memory situations. I ...

The update for postgresql-9.1 in DSA-3269-1 introduced a regression which can causes PostgreSQL to refuse to restart after an unexpected shutdown or when restoring from a binary backup. Updated packages are now available to address this regression. Please refer to the upstream Bug FAQ for additional information: https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug For reference, the ori ...

Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   405

© SecPod Technologies