In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion"s svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn"t reset under certain circumstances. If the relevant memor ...
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping sec ...
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained ...
This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero . - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c . - CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb . Update to version 5. ...
This update for giflib fixes the following issues: * CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero . * CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c . * CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb . Update to version 5. ...
Stephen Roettger discovered a race condition in tmpreaper, a program that cleans up files in directories based on their age, which could result in local privilege escalation.