[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6629 Download | Alert*

Hanno Boeck discovered a stack-based buffer overflow in the asn1_der_decoding function in Libtasn1, a library to manage ASN.1 structures. A remote attacker could take advantage of this flaw to cause an application using the Libtasn1 library to crash, or potentially to execute arbitrary code.

An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.

Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and DHCP/TFTP server, did not properly check the return value of the setup_reply function called during a TCP connection, which is used then as a size argument in a function which writes data on the client"s connection. A remote attacker could exploit this issue via a specially crafted DNS request to cause dnsmasq to crash, or potent ...

Multiple vulnerabilities were discovered in the dissectors/parsers for LBMR, web sockets, WCP, X11, IEEE 802.11 and Android Logcat, which could result in denial of service.

It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code.

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4

Multiple vulnerabilities were discovered in the dissectors for WCCP and GSM DTAP, which could result in denial of service. The oldstable distribution is not affected.

The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a denial of service via crafted XML data.

William Robinet and Stefan Cornelius discovered an integer overflow in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or potentially execution of arbitrary code if a specially crafted file is opened.

It was discovered that opensaml2, a Security Assertion Markup Language library, needed to be rebuilt against a fixed version of the xmltooling package due to its use of macros vulnerable to CVE-2015-0851 as fixed in the DSA 3321-1 update. For reference the original advisory text follows. The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly h ...


Pages:      Start    334    335    336    337    338    339    340    341    342    343    344    345    346    347    ..   662

© SecPod Technologies