
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.

A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as "Zip-Slip".

In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a "\0" byte to trigger an out-of-bounds read that leads to DoS.

There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.

An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service upon allocation failure.

marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.

SimpleXML is vulnerable to XXE, resulting in SSRF, information disclosure, DoS and so on.

There is an illegal address access in Sass::Eval::operator in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix.

In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.



© SecPod Technologies