[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 308 Download | Alert*

CVE-2019-6109 openssh: Missing character encoding in progress display allows for spoofing of scp client output.

CVE-2019-6111 openssh: Improper validation of object names allows malicious server to overwrite files via scp client

openssh: scp client improper directory name validation

It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system and execute commands.

It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data.

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges.

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges.

The host is installed with FreeRDP through 1.0.2 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle a large ScopeCount value in a Scope List. Successful exploitation could allow attackers to a denial of service (application crash) or possibly have unspecified other impact.

The host is installed with RHEL 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which incorrectly relies on write system call. Successful exploitation could allow attackers to crash the service.


Pages:      Start    2    3    4    5    6    7    8    9    10    11    12    13    14    15    ..   30

© SecPod Technologies