plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 through 1.15.2 mishandles Distinguished Name fields, which allows remote attackers to execute arbitrary code or cause a denial of service in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerb ...

A vulnerability was found in openstack-cinder-common releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: githu ...

The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash.

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.

An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.

An issue was discovered in OpenStack nova-common 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. All nova-common setups supporting encrypted volumes are affected.

The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.

In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.



© SecPod Technologies