Matches: 7899

An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.

The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service via a crafted XML file.

An issue has been found in Mini-XML 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This blocks the event loop, causing a denial of service condition.

Certain function pointers in Trusted Boot through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module by hooking these function pointers.

The htcondor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service by leveraging use of GSI and VOMS extensions.

** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environment variable is not enabled in the shipped product.

The order and group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.

The host is installed with Jenkins LTS before 2.138.2 or Jenkins rolling release before 2.146 and is prone to a remote code execution vulnerability. The flaw is present in the application, which fails to properly handle an issue in the Stapler web framework. Successful exploitation allows attackers to obtain sensitive information through crafted URLs.


© SecPod Technologies