|Paid content will be excluded from the download.
| Matches : 3040
|It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization.
Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an announcement that security support for chromium in the oldstable release , Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongly encouraged to upgrade now to the current stable release , Debian 9. An alternative is to switch to the fi ...
Tobias Schneider discovered that libspring-ldap-java, a Java library for Spring-based applications using the Lightweight Directory Access Protocol, would under some circumstances allow authentication with a correct username but an arbitrary password.
Philip Huppert discovered the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to mishandling of DTDs in the XMLTooling XML parsing library. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20180112.txt
Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable. For the stable distribution , this problem has been fixed in version 2.7-18lenny6. For the upcoming stable distribution , this problem has been fixed in version 2.11.2-6+squeeze1 of the eglibc package. For the unstable distribution , ...
Colin Watson discovered that the update for stable relased in DSA-2122-1 did not complete address the underlying security issue in all possible scenarios.
George Shuklin from servers.com discovered that Nova, a cloud computing fabric controller, did not correctly enforce its image- or hosts-filters. This allowed an authenticated user to bypass those filters by simply rebuilding an instance.
Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm engine for OpenStack. Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, nor that the trust is for the same project as the alarm. The bug allows that an authenticated users without a Keystone token with knowledge of trust IDs to perform unspecified authenticated actions b ...
It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys.
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3737 David Benjamin of Google reported that OpenSSL does not properly handle SSL_read and SSL_write while being invoked in an error state, causing data to be passed without being decrypted or encrypted directly from the ...
Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   303
© 2013 SecPod Technologies