[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

254492

 
 

909

 
 

198541

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 82183 Download | Alert*

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service , aka a "better zip bomb" issue

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. Both the SPICE client and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. Both the SPICE client and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a re ...

A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability

A flaw was found in libexif. A possible out of bounds write, due ot an integer overflow, could lead to a remote code execution if a third party app used this library to process remote image data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack can still succeed

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service via empty bzip2 data in a ZIP archive. Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service via a large compression method value in the central directory file header. A heap-based buffer overflow exists in Info-Zip UnZip version CVE-2018-1000035


Pages:      Start    3294    3295    3296    3297    3298    3299    3300    3301    3302    3303    3304    3305    3306    3307    ..   8218

© SecPod Technologies