[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 82199 Download | Alert*

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion"s svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn"t reset under certain circumstances. If the relevant memor ...

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping sec ...

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained ...

This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero . - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c . - CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb . Update to version 5. ...

This update for giflib fixes the following issues: * CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero . * CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c . * CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb . Update to version 5. ...

kde4libs: KDE 4 core applications and libraries KDE-Libs could be made to overwrite files.

Stephen Roettger discovered a race condition in tmpreaper, a program that cleans up files in directories based on their age, which could result in local privilege escalation.


Pages:      Start    3397    3398    3399    3400    3401    3402    3403    3404    3405    3406    3407    3408    3409    3410    ..   8219

© SecPod Technologies