[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249982

 
 

909

 
 

195748

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 43359 Download | Alert*

PHP was updated to fix two security issues. The following vulnerabilities were fixed: * CVE-2015-5589: PHP could be crashed when processing an invalid file with the phar extension with a segfault in Phar::convertToData, leading to Denial of Service * CVE-2015-5590: PHP could be crashed or have unspecified other impact due to a buffer overlow in phar_fix_filepath

This update for oniguruma fixes the following issues: - CVE-2019-19246: Fixed an out of bounds access during regular expression matching . - CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression . - CVE-2019-19203: Fixed an out of bounds access when performing a string search . - CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regu ...

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scri ...

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service via a crafted XML document, aka an XML Entity Expansion attack.

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting ...

The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML document could cause REXML to use an excessive amount of CPU time. High memory usage can be achieved ...

A buffer overflow flaw was found in the way the decode_icmp_msg function in the ICMP-MIB implementation processed Internet Control Message Protocol message statistics reported in the /proc/net/snmp file. A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processing the /proc/net/snmp file

The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML document could cause REXML to use an excessive amount of CPU time. High memory usage can be achieved ...

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service via a crafted XML document, aka an XML Entity Expansion attack.

A heap-based buffer overflow flaw was found in procmail"s formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail


Pages:      Start    1302    1303    1304    1305    1306    1307    1308    1309    1310    1311    1312    1313    1314    1315    ..   4335

© SecPod Technologies