[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 308 Download | Alert*

The host is installed with Perl on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploiation could allow attackers to access directories without permissions.

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.

A flaw was found in samba when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside of the share.

The host is installed with RHEL 6 or 7 and is prone to a command injection vulnerability. A flaw is present in the application, which fails to properly sanitize certain input before passing it to the gnuplot delegate functionality. Successful exploitation could allow attackers to execute arbitrary code.

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system.

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real in journald-server.c does not free the memory allocated by set_iovec_field_free to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.

The host is installed with Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. Successful exploitation allows remote attackers to execute arbitrary commands.

A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash.

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.

The host is installed with samba version 4.x and is prone to a denial of service vulnerability. A flaw is present in samba which fails to handle character conversion at log level 3 or above. An unauthenticated attacker could use this flaw to cause samba to crash.


Pages:      Start    10    11    12    13    14    15    16    17    18    19    20    21    22    23    ..   30

© SecPod Technologies