[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

247085

 
 

909

 
 

194218

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15012 Download | Alert*

GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms are not used.

In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop may cause a Denial of Service via crafted sass input files with stray "&" or "/" characters.

An issue was discovered in NumPy 1.16.0 and earlier. It uses the picklePython module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call.

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp.

An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI.

An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI.

** DISPUTED ** In the GNU C Library through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by "*" in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.

memory-based DoS in libtiff-tools2bw

** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossi ...


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   1501

© SecPod Technologies