8751 matches found
Improper Access Control
Overview Affected versions of this package are vulnerable to Improper Access Control. The recvfiles function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemonfilterlist data...
CVE-2017-17434
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...
CVE-2017-17434
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...
CVE-2017-17434
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...
rsync access restriction bypass vulnerability (CNVD-2018-00212)
rsync is a data mirroring backup application for Unix-like systems developed by Australian software developers Andrew Tridgell and Paul Mackerras that synchronizes file and directory updates between two computers and uses differential encoding to reduce data transfers. A security vulnerability in...
Randy Bias joins Wallarm board of advisers
Menlo Park, California — December 5, 2017 — Wallarm today announced that Randy Bias, Vice President of Technology and Strategy, Cloud Software at Juniper and founder of Cloudscaling acquired by EMC, has joined Wallarm’s board of advisers. “Randy is an agile cloud pioneer and a thought leader in...
Developers Targeted in ‘ParseDroid’ PoC Attack
Researchers have developed a proof of concept attack that could impact the millions of users of integrated development environments such as Intellij, Eclipse and Android Studio. Attacks can also be carried out against servers hosting development environments in the cloud. The attack vector was...
CVE-2017-17434
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...
USN-3497-1 openjdk-7 vulnerabilities
It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...
CVE-2017-9316
Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device...
BlackBerry QNX Software Development Platform Arbitrary Function Call Vulnerability Vulnerability
The BlackBerry QNX Software Development Platform SDP is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An arbitrary function call vulnerability exists in the default configuration of the QNX SDP system in BlackBer...
BlackBerry QNX Software Development Platform Information Disclosure Vulnerability
The BlackBerry QNX Software Development Platform SDP is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An information disclosure vulnerability exists in the default configuration of QNX SDP in BlackBerry QNX SDP...
BlackBerry QNX Software Development Platform Elevation of Privilege Vulnerability
The BlackBerry QNX Software Development Platform SDP is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An elevation of privilege vulnerability exists in the default configuration of QNX SDP in BlackBerry QNX SDP...
KLA11133 Multiple vulnerabilities in Microsoft Development Tools
Multiple vulnerabilities were found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in ASP.NET Core can be...
[SECURITY] Fedora 25 Update: perl-Catalyst-Plugin-Static-Simple-0.34-1.fc25
The Static::Simple plugin is designed to make serving static content in your application during development quick and easy, without requiring a single line of code from you...
[SECURITY] Fedora 26 Update: icu-57.1-7.fc26
Tools and utilities for developing with icu...
[SECURITY] Fedora 26 Update: perl-Catalyst-Plugin-Static-Simple-0.34-1.fc26
The Static::Simple plugin is designed to make serving static content in your application during development quick and easy, without requiring a single line of code from you...
MHA - Mail Header Analyzer
Mail header analyzer is a tool written in flask for parsing email headers and converting them to a human readable format and it also can: Identify hop delays. Identify the source of the email. Identify hop country. MHA is an alternative for the following: Name | Dev | Issues ---|---|---...
CVE-2017-9371
In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control...
Buffer overflow
In BlackBerry QNX Software Development Platform SDP 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks...