
CVE-2016-10217: The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service via a crafted file that is mishandled in the color management module.

The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.

CVE-2017-3308: mariadb 10.1.23; CVE-2017-3309: mariadb 10.1.23; CVE-2017-3453: mariadb 10.1.23; CVE-2017-3456: mariadb 10.1.23; CVE-2017-3464: mariadb 10.1.23; CVE-2017-3636: mariadb 10.1.26; CVE-2017-3641: mariadb 10.1.26; CVE-2017-3653: mariadb 10.1.26

The vulnerability is caused by an error in the "lha_read_file_header_1" function, which can be exploited to trigger an out-of-bounds read memory access via a specially crafted archive. Affected versions: libarchive version 3.2.2. Other versions may also be affected.

CVE-2017-5024: A heap overflow flaw was found in FFmpeg. CVE-2017-5025: A heap overflow flaw was found in FFmpeg.

It was reported that offsets contained in cache files aren't checked if they're in legal ranges or are pointers at all. The lack of validation allows an attacker to trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. When used with setuid binaries using crafted cache files, privilege escalation is possible.

CVE-2016-9811: The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service via a crafted ico file.

libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate. libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subs ...

CVE-2016-5419: TLS session resumption client cert bypass. Fixed In Version: curl 7.50.1 CVE-2016-5420: Re-using connection with wrong client cert. Fixed In Version: curl 7.50.1 CVE-2016-5421: Use of connection struct after free. Fixed In Version: curl 7.50.1

CVE-2016-9013: User with hardcoded password created when running tests on Oracle. When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. This could allow an attacker with network access to the database server to connect. CVE-2016-9014: DNS ...



© SecPod Technologies