8416 matches found
CVE-2015-5242
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs)...
Code injection
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs)...
CVE-2015-5242
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs)...
CVE-2015-5242
CVE-2015-5242 affects OpenStack Swift-on-File (swiftonfile). The issue arises from loading metadata with Python’s pickle without proper restrictions, enabling a remote authenticated user to execute arbitrary code via crafted xattrs. Documented impact is remote code execution on the storage node; ...
RedHat Update for sssd RHSA-2015:2355-01
The remote host is missing an update for the...
openSUSE Security Update : gcc48 (openSUSE-2015-723)
This update for GCC 4.8 provides the following fixes: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) - Fix linker segmentation fault when building SLOF on ppc64le. (bsc#949000) - Fix no_instrument_function attribute handling on PPC64...
sssd: memory leak in the sssd_pac_plugin
It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon...
Scientific Linux Security Update : sssd on SL6.x i386/x86_64 (20151110)
It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon...
Oracle Linux 6 : sssd (ELSA-2015-2019)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-2019 advisory. 1.12.4-47.4 - Resolves: rhbz#1268783 - Memory leak / possible DoS with krb auth. 1.12.4-47.3 - Resolves: rhbz#1268784 - SSSD POSIX attribute check is too strict...
CentOS 6 : sssd (CESA-2015:2019)
Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
libipa_hbac, libsss_idmap, libsss_nss_idmap, libsss_simpleifp, python, sssd security update
CentOS Errata and Security Advisory CESA-2015:2019. Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base...
sssd: memory leak in the sssd_pac_plugin
It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon...
sssd security and bug fix update
1.12.4-47.4 - Resolves: rhbz#1268783 - Memory leak / possible DoS with krb auth. 1.12.4-47.3 - Resolves: rhbz#1268784 - SSSD POSIX attribute check is too strict 1.12.4-47.2 - Resolves: rhbz#1264098 - cleanup_groups should sanitize dn of groups 1.12.4-47.1 - Resolves: rhbz#1258398 - sysdb sudo search...
Microsoft Internet Explorer htmlFor Attribute Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Mozilla Firefox Features Denial of Service Vulnerability
Mozilla Firefox is an open source web browser. The Mozilla Firefox accessibility-tools feature on the OS X platform fails to properly interact with the TABLE element, allowing remote attackers to perform a denial-of-service attack by referencing the row index using the NSAccessibilityIndexAttribu...
Algolia: Stored XSS on https://www.algolia.com/realtime-search-demo/*
Description When you generate a UI demo, the values of the Attributes are not escaped when printed in the page of the demo. There is a protection by CloudFlare, but because the values of the Attributes are printed in Javascript code, I found a way to abuse this to execute Javascript code. Seems...
CVE-2007-0104
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, v...
CVE-2007-0103
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted...
UBUNTU-CVE-2015-5292
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs duri...
CVE-2015-5292
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs duri...