Elton Nokaj discovered that incorrect error handling in Bottle, a WSGI framework for Python, could result in the disclosure of sensitive information.

It was discovered that Booth, a cluster ticket manager, didn't correctly restrict intra-node communication when configuring the authfile configuration directive.

A vulnerability was discovered in open-vm-tools, an open source implementation of VMware Tools, allowing an unprivileged local guest user to escalate their privileges as root user in the virtual machine.

Matthew Wild discovered that the WebSockets code in Prosody, a lightweight Jabber/XMPP server, was susceptible to denial of service.

Alexander Lakhin discovered that the autovacuum feature and multiple commands could escape the security-restricted operation sandbox. For additional information please refer to the upstream announcement at https://www.postgresql.org/support/security/CVE-2022-1552/

Lahav Schlesinger discovered a vulnerability in the revocation plugin of strongSwan, an IKE/IPsec suite. The revocation plugin uses OCSP URIs and CRL distribution points which come from certificates provided by the remote endpoint. The plugin didn't check for the certificate chain of trust before using those URIs, so an attacker could provide a crafted certificate containing URIs pointing to ser ...

Martin van Kervel Smedshammer discovered that varnish, a state of the art, high-performance web accelerator, is prone to an HTTP/2 request forgery vulnerability. See https://varnish-cache.org/security/VSV00011.html for details.

Robin Peraglie and Johannes Moritz discovered an argument injection bug in the xfce4-mime-helper component of xfce4-settings, which can be exploited using the xdg-open common tool. Since xdg-open is used by multiple standard applications for opening links, this bug could be exploited by an attacker to run arbitrary code on a user's machine by providing a malicious PDF file with specifically crafted ...

Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, was susceptible to denial of service via recursive XML entity expansion.


© SecPod Technologies