[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 80963 Download | Alert*

A non-privileged X client can instruct X server running under root to open any file by creating own directory with "fonts.dir","fonts.alias" or any font file being a symbolic link to any other file in the system. X server will then open it. This can be issue with special files such as /dev/watchdog. Fixed In Version: libXfont 1.5.4, libXfont2 2.0.3

CVE-2017-14746: Use-after-free vulnerability. Affected Versions All versions of Samba from 4.0.0 onwards. Fixed In Samba 4.7.3, 4.6.11 and 4.5.15

CVE-2017-9611: The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

CVE-2017-14746: Use-after-free vulnerability. Affected Versions: All versions of Samba from 4.0.0 onwards. Fixed In: Samba 4.7.3, 4.6.11 and 4.5.15

In Exim 4.90 and earlier, there is a buffer overflow in an utility function, if some pre-conditions are met. Using a handcrafted message, remote code execution seems to be possible.

CVE-2017-7826: Memory safety bugs CVE-2017-7828: Use-after-free of PressShell while restyling layout CVE-2017-7830: Cross-origin URL information leak through Resource Timing API Fixed In:¶ Firefox ESR 52.5

hostapd 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service via a crafted WPS operation.

There were two bugs in curl"s parser for the command line option --write-out that would skip the end of string zero byte if the string ended in a % or \ , and it would read beyond that buffer in the heap memory and it could then potentially output pieces of that memory to the terminal or the target file etc. Affected versions: 6.5 to and including 7.53.1 Not affected versions: = 7.54.0

CVE-2017-6886: Memory corruption in the parse_tiff_ifd An error within the "parse_tiff_ifd" function in LibRaw versions before 0.18.2 can be exploited to corrupt memory. Fixed In Version: LibRaw 0.18.2

When libcurl connects to an FTP server and successfully logs in , it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a clo ...


Pages:      Start    3474    3475    3476    3477    3478    3479    3480    3481    3482    3483    3484    3485    3486    3487    ..   8096

© SecPod Technologies