[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250053

 
 

909

 
 

195940

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 80957 Download | Alert*

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

Andreas Cord-Landwehr discovered that kde4libs, the core libraries for all KDE 4 applications, do not properly handle the extraction of archives with "../" in the file paths. A remote attacker can take advantage of this flaw to overwrite files outside of the extraction folder, if a user is tricked into extracting a specially crafted archive.

Stephen Roettger discovered a race condition in tmpreaper, a program that cleans up files in directories based on their age, which could result in local privilege escalation.

Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876 The no_log task flag wasn"t honored, resulting in an information leak. CVE-2018-10875 ansible.cfg was read from the current working directory. CVE-2018-16837 The user module leaked parameters passed to ssh-keygen to the process environment. CVE-2019 ...

Two security issues have been discovered in LibreOffice: CVE-2019-9848 Nils Emmerich discovered that malicious documents could execute arbitrary Python code via LibreLogo. CVE-2019-9849 Matei Badanoiu discovered that the stealth mode did not apply to bullet graphics.

Jeremy Harris discovered that Exim, a mail transport agent, does not properly handle the ${sort } expansion. This flaw can be exploited by a remote attacker to execute programs with root privileges in non-default configurations where ${sort } expansion is used for items that can be controlled by an attacker.

Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-11782 Ace Olszowka reported that the Subversion"s svnserve server process may exit when a well-formed read-only request produces a particular answer, leading to a denial of service. CVE-2019-0203 Tomas Bortoli reported that th ...

A issue has been discovered in the PostgreSQL database system, which could result in privilege escalation. For additional information please refer to the upstream announcement at https://www.postgresql.org/about/news/1960/

Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file arbitrary commands could get executed. This update removes this feature.


Pages:      Start    3214    3215    3216    3217    3218    3219    3220    3221    3222    3223    3224    3225    3226    3227    ..   8095

© SecPod Technologies