[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 43198 Download | Alert*

CVE-2016-0718 : Out-of-bounds read flaw An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.

A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successful ...

CVE-2012-6702: Using XML_Parse before rand results into non-random output. Reference: CVE-2016-5300: Little entropy used for hash initialization. The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete f ...

Python is an interpreted, interactive, object-oriented programming language. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to the module search path . A local attacker able to trick a victim into runni ...

The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using t ...

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An array index error was found in the gdth driver in the Linux kernel. A local user could send a specially-crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. * NULL pointer dereference flaws were found in the r128 driv ...

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * a NULL pointer dereference flaw was found in the sctp_rcv_ootb function in the Linux kernel Stream Control Transmission Protocol implementation. A remote attacker could send a specially-crafted SCTP packet to a target system, resulting in a denial of service. * a missing boundary check was fou ...

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a NULL pointer dereference flaw was found in the sctp_rcv_ootb function in the Linux kernel Stream Control Transmission Protocol implementation. A remote attacker could send a specially-crafted SCTP packet to a target system, resulting in a denial of service. * ...

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a flaw was found in the IPv6 Extension Header handling implementation in the Linux kernel. The skb->dst data structure was not properly validated in the ipv6_hop_jumbo function. This could possibly lead to a remote denial of service. * a flaw was found in ea ...

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * an array index error was found in the gdth driver. A local user could send a specially-crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. * a flaw was found in the FUSE implementation. When a system is low on memory, fuse_put_request could dereference ...


Pages:      Start    1184    1185    1186    1187    1188    1189    1190    1191    1192    1193    1194    1195    1196    1197    ..   4319

© SecPod Technologies