[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 80305 Download | Alert*

A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages

Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page

A flaw was discovered in the way the python-pillow may allocate a large amount of memory or require a long time while processing specially crafted image files, possibly causing a denial of service. Applications that use the library to process untrusted files may be vulnerable to this flaw. A flaw was discovered in python-pillow where it does not properly restrict operations within the bounds of a ...

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ig ...

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect . This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. A vulnerability was found in th ...

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation

An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read the memory of the application they should be not allowed to read


Pages:      Start    3503    3504    3505    3506    3507    3508    3509    3510    3511    3512    3513    3514    3515    3516    ..   8030

© SecPod Technologies