[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 303 Download | Alert*

A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.

A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with ...

A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack re ...

A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.

A vulnerability was found in Git. This security issue occurs when feeding a crafted input to "git apply." A path outside the working tree can be overwritten by the user running "git apply."

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of servi ...

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may conta ...

The host is installed with linux kernel before 3.19.1 and is prone to a security bypass vulnerability. A flaw is present in the application, which uses incorrect data types for the results of bitwise left-shift operations. Successful exploitation allows attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function ...

The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle rename operations. Successful exploitation could allow attackers to escalate privileges on the affected system.

Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   30

© SecPod Technologies