Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API. Additionally the libvirt's cpu map was updated to make addressing CVE-2018-3639, CVE-2017-5753, CVE-2017-5715, C ...

Dean Rasheed discovered that row security policies in the PostgreSQL database system could be bypassed. For additional information please refer to the upstream announcement at https://www.postgresql.org/about/news/1939/

Michal Bentkowski discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to an HTML sanitization bypass vulnerability when using the "relaxed" or a custom config allowing certain elements. Content in a <math> or <svg> element may not be sanitized correctly even if math and svg are not in the allowlist.

Andrew Bartlett discovered that awl-doc, DAViCal Andrew's Web Libraries, did not properly handle session management: this would allow a malicious user to impersonate other sessions or users.

It was discovered that SPIP, a website engine for publishing, would allow unauthenticated users to modify published content and write to the database, perform cross-site request forgeries, and enumerate registered users.

Several vulnerabilities have been found in the libtiff5-dev library, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.


© SecPod Technologies