[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6629 Download | Alert*

Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for information disclosure, denial of service or interfering with the VNC session of another user on the host.

Priyank Nigam discovered that HttpComponents Client, a Java HTTP agent implementation, could misinterpret malformed authority component in a request URI and pick the wrong target host for request execution.

It was discovered that libhibernate3-java, a powerful, high performance object/relational persistence and query service, is prone to an SQL injection vulnerability allowing an attacker to access unauthorized information or possibly conduct further attacks.

Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure.

Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure.

Several vulnerabilities were discovered in Sympa, a mailing list manager, which could result in local privilege escalation, denial of service or unauthorized access via the SOAP API. Additionally to mitigate CVE-2020-26880 the sympa_newaliases-wrapper is no longer installed setuid root by default. A new Debconf question is introduced to allow setuid installations in setups where it is needed.

Several vulnerabilities were discovered in Sympa, a mailing list manager, which could result in local privilege escalation, denial of service or unauthorized access via the SOAP API. Additionally to mitigate CVE-2020-26880 the sympa_newaliases-wrapper is no longer installed setuid root by default. A new Debconf question is introduced to allow setuid installations in setups where it is needed.

Multiple vulnerabilities have been discovered in the Xen hypervisor: Several security issues affecting Xenstore could result in cross domain access or denial of service against xenstored. Additional vulnerabilities could result in guest-to-host denial of service.

Multiple vulnerabilities have been discovered in the libxen-dev hypervisor: Several security issues affecting libxen-devstore could result in cross domain access or denial of service against libxen-devstored. Additional vulnerabilities could result in guest-to-host denial of service.

Liaogui Zhong discovered two security issues in XStream, a Java library to serialise objects to XML and back again, which could result in the deletion of files or server-side request forgery when unmarshalling.


Pages:      Start    354    355    356    357    358    359    360    361    362    363    364    365    366    367    ..   662

© SecPod Technologies