[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6530 Download | Alert*

Cisco Talos discovered that hdf5, a file format and library for storing scientific data, contained several vulnerabilities that could lead to arbitrary code execution when handling untrusted data.

Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package in the old style Debian binary package format. This update also includes updated translations and additional ...

It has been discovered that Tor treats the contents of some buffer chunks as if they were a NUL-terminated string. This issue could enable a remote attacker to crash a Tor client, hidden service, relay, or authority.

Paul Rohar discovered that libdbd-mysql-perl, the Perl DBI database driver for MySQL and MariaDB, constructed an error message in a fixed-length buffer, leading to a crash and, potentially, to denial of service.

Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server , can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.

Multiple vulnerabilities were discovered in cURL, an URL transfer library. CVE-2019-5436 A heap buffer overflow in the TFTP receiving code was discovered, which could allow DoS or arbitrary code execution. This only affects the oldstable distribution . CVE-2019-5481 Thomas Vegas discovered a double-free in the FTP-KRB code, triggered by a malicious server sending a very large data block. CVE-2019- ...

Thomas Akesson discovered a remotely triggerable vulnerability in the mod_authz_svn module in Subversion, a version control system. When using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option an unauthenticated remote client can take advantage of this flaw to cause a denial of service by sending a request for a non-existing repository URL.

Thomas Akesson discovered a remotely triggerable vulnerability in the mod_authz_svn module in Subversion, a version control system. When using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option an unauthenticated remote client can take advantage of this flaw to cause a denial of service by sending a request for a non-existing repository URL.

It was discovered that the CompareTool of iText, a Java PDF library which uses the external ghostscript software to compare PDFs at a pixel level, allowed command injection when parsing a specially crafted filename.

It was discovered that the CompareTool of iText, a Java PDF library which uses the external ghostscript software to compare PDFs at a pixel level, allowed command injection when parsing a specially crafted filename.


Pages:      Start    408    409    410    411    412    413    414    415    416    417    418    419    420    421    ..   652

© SecPod Technologies