[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15249 Download | Alert*

The Binary File Descriptor library , as distributed in GNU Binutils 2.28, has an invalid read because the code to emit relocs does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker program crash.

GNU Binutils 2.28 allows remote attackers to cause a denial of service via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected.

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that a ...

Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.

Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.

Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

The decode_residual function in libav-toolscodec in libav-tools 9.21 allows remote attackers to cause a denial of service or obtain sensitive information from process memory via a crafted h264 video file.

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.


Pages:      Start    584    585    586    587    588    589    590    591    592    593    594    595    596    597    ..   1524

© SecPod Technologies