3 matches found
MessagePack for Java 安全漏洞
MessagePack for Java is a serializer software from MessagePack open source. A security vulnerability exists in MessagePack for Java versions prior to 0.9.11, which stems from a failure to limit the payload length when deserializing, which could result in a denial of service...
Arbitrary file read vulnerability in yard server
lib/yard/coreext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files...
ALPINE-CVE-2016-9942
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service application crash or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed leng...