[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 80824 Download | Alert*

apport: automatically generate crash reports for debugging Apport could be made to crash or overwrite files as an administrator.

Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft a HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victims host. This fix also sets the OpenOCD default binding to localhost, instead of every network interfaces. This can be changed with the added &qu ...

Several vulnerabilities were discovered in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0857 Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell meta-characters in filenames in tar files or via shell meta-characters in the tar filename itself. CVE-2015-0858 Flori ...

Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft a HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victims host. This fix also sets the OpenOCD default binding to localhost, instead of every network interfaces. This can be changed with the added &qu ...

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.Puppet ...

Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application

Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML module 0.38 for Perl allow remote attackers to cause a denial of service via format string specifiers in a YAML stream to the Load function, YAML node to the load_node function, YAML mapping to the load_mapping function, or YAML sequence to the load_sequence function.

The GNOME Display Manager provides the graphical login screen, shown shortly after boot up, log out, and when user-switching. A race condition flaw was found in the way GDM handled the cache directories used to store users" dmrc and face icon files. A local attacker could use this flaw to trick GDM into changing the ownership of an arbitrary file via a symbolic link attack, allowing them to escal ...

Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. foomatic-rip is a print filter written in C. An input sanitization flaw was found in the foomatic-rip print filter. An attacker could submit a print j ...

Bash is the default shell for Red Hat Enterprise Linux. It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the scripts. This update also fixes the following bugs: * ...


Pages:      Start    7950    7951    7952    7953    7954    7955    7956    7957    7958    7959    7960    7961    7962    7963    ..   8082

© SecPod Technologies