|Paid content will be excluded from the download.
| Matches : 1830
|A vulnerability has been discovered and corrected in gimp: The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5 ...
Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x: The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses . Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file . ...
It was discovered that the fix for CVE-2011-0419 under certain conditions could cause a denial-of-service attack in APR . Packages for 2009.0 are provided as of the Extended Maintenance Program
It was discovered that the fix for CVE-2011-0419 under certain conditions could cause a denial-of-service attack in APR . Packages for 2010.0 are provided as of the Extended Maintenance Program. Update: Packages for Mandriva Linux 2010.0 were missing with the MDVSA-2011:095 advisory.
Two heap-based buffer overflow flaws were discovered in libarchive. If a user were tricked into expanding a specially-crafted ISO 9660 CD-ROM image or tar archive with an application using libarchive, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application . The updated packages have been patched to correct these issue ...
A vulnerability was discovered and corrected in krb5-appl: ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a config ...
It was discovered that the apr_fnmatch function used an unconstrained recursion when processing patterns with the &#039;*&#039; wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching , to exhaust all stack memory or use an excessive amount of CPU time when performing matching . Packages for 2009.0 ...
Multiple vulnerabilities has been found and corrected in imagemagick: Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory . A flaw was found in the way ImageMagick processed images with malformed Exchangeable image ...
Tavis Ormandy and Will Drewry found that the bost library did not properly perform input validation on regular expressions. An attacker could exploit this by sening a specially crafted regular expression to an application linked against boost and cause a denial of service via an application crash. The updated packages have been patched to correct this issue.
A vulnerability has been found and corrected in openssl: A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers . The updated packages have been patched to correct this issue.
Pages:      Start    2    3    4    5    6    7    8    9    10    11    12    13    14    15    ..   182
© 2013 SecPod Technologies