[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256610

 
 

909

 
 

199263

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 82604 Download | Alert*

hostapd 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service via a crafted WPS operation.

There were two bugs in curl"s parser for the command line option --write-out that would skip the end of string zero byte if the string ended in a % or \ , and it would read beyond that buffer in the heap memory and it could then potentially output pieces of that memory to the terminal or the target file etc. Affected versions: 6.5 to and including 7.53.1 Not affected versions: = 7.54.0

CVE-2017-6886: Memory corruption in the parse_tiff_ifd An error within the "parse_tiff_ifd" function in LibRaw versions before 0.18.2 can be exploited to corrupt memory. Fixed In Version: LibRaw 0.18.2

When libcurl connects to an FTP server and successfully logs in , it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a clo ...

CVE-2016-10195: dns remote stack overread vulnerability Fixed in libevent 2.1.6

A vulnerability was found in popd. It can be tricked to free a user supplied address in the following way: $ popd +-111111 This could be used to bypass restricted shells on some environments to cause use-after-free. Reference Patch

CVE-2017-9022: Insufficient validation of RSA public keys passed to the gmp plugin RSA public keys passed to the gmp plugin aren"t validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack ...

An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. Fixed in Gdk-Pixbuf 2.36.7

An integer overflow vulnerability in nginx range filter module in ngx_ function was found, potentially resulting in memory disclosure when used with 3rd party modules. Issue can be triggered by specially crafted http range request resulting into leaking the content of the cache file header. Affected versions: nginx 0.5.6 - 1.13.2. Fixed In Version: nginx 1.13.3, nginx 1.12.1 Reference: Patch:

tcpdump 4.9.0 allows remote attackers to cause a denial of service via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. Fixed in: Tcpdump 4.9.1


Pages:      Start    3719    3720    3721    3722    3723    3724    3725    3726    3727    3728    3729    3730    3731    3732    ..   8260

© SecPod Technologies