[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 194898 Download | Alert*

It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code.

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian"s version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution. This update removes support of loadable gconv transliteration modules. Besides ...

Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash.

Jared Mauch reported a denial of service flaw in the way BIND, a DNS server, handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.

This update corrects DSA 3021-1, which introduced a regression in the detection of a some "Composite Document Files" , marking them look as corrupted, with the error: "Can"t expand summary_info". On additional information, 5.11-2+deb7u4 changed the detection of certain text files in the same way php5 did this in 5.4.4-14+deb7u13. Since the new output is more accurate and this c ...

Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS , was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA.

Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss. This vulnerability can be seen as an incomplete fix of CVE-2014-3634 .

Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack.

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS , was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA.


Pages:      Start    7579    7580    7581    7582    7583    7584    7585    7586    7587    7588    7589    7590    7591    7592    ..   19489

© SecPod Technologies