[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 10145 Download | Alert*

interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference.

snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir to the current working directory of the calling user, aka a "cwd restore permission bypass."

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.

The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted MPEG-4 video data.

[eap-pwd: authentication bypass via an invalid curve attack]

[eap-pwd: fake authentication using reflection]

Insecure permissions for systemd socket for virtlockd/virtlogd The virtlockd-admin.socket and virtlogd-admin.socket unit files do not set the SocketMode parameter and thus create a world accessible UNIX domain socket. Furthermore the code fails to validate the identity of clients connecting to these sockets. An unprivileged user is able to connect to the virtlockd or virtlogd daemons and use the a ...

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.

Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   1014

© SecPod Technologies