In libwpd-dev 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.

The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain error responses from a MySQL server or a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.

elflink.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via an "int main {return 0;}" program.

The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.

A use-after-free defect was discovered in pacemaker that can possibly lead to unsolicited information disclosure in the log outputs.

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.

** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco3-dev 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The co ...

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to be made to the same server.

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory, a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.



© SecPod Technologies