[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256040

 
 

909

 
 

199103

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 26826 Download | Alert*

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834.

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.

Mozilla Thunderbird 68.1 : Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward.

The host is installed with Oracle Java SE through 11.0.4 or 13 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to 2D. Successful exploitation allows attackers to affect availability.

The host is installed with Oracle MySQL Server through 5.5.51, 5.6.32 or 5.7.14 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Error Handling. Successful exploitation allows attackers to affect Confidentiality, Integrity and Availability.

The host is installed with OpenSSH 5.7 through 8.4 and is prone to an information disclosure vulnerability. A flaw is present in application, which fails to handle algorithm negotiation. Successful exploitation could allows man-in-the-middle attackers to target initial connection attempts.

The host is installed with OpenSSH before 7.4 and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle an issue in sshd. Successful exploitation could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message.


Pages:      Start    1200    1201    1202    1203    1204    1205    1206    1207    1208    1209    1210    1211    1212    1213    ..   2682

© SecPod Technologies