
350 matches found

CNVD
added 2019/07/12 12:00 a.m. | Views: 1

SQL injection vulnerability in the pr***-sh***.asp file of Yueqing Hanke's website builder system.

Yueqing Hanke Network is a company engaged in website construction. A SQL injection vulnerability exists in the pr-sh.asp file of the website building system of Yueqing Hanke Network. Attackers can use the vulnerability to obtain sensitive information in the database...

AI score: 7.6
Exploits: 0

OSV
added 2019/07/04 1:15 p.m. | Views: 2

AZL-35341 CVE-2019-13232 affecting package unzip for versions less than 6.0-20

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue...

CVSS: 3.3 | AI score: 6.6 | EPSS: 0.00495
Exploits: 0 | References: 1

OSV
added 2019/06/27 6:36 a.m. | Views: 5

OPENSUSE-SU-2019:1649-1 Security update for exempi

This update for exempi fixes the following issues: - CVE-2018-12648: Fixed a NULL pointer dereference crash issue when processing webp files bsc1098946. This update was imported from the SUSE:SLE-15:Update update project...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.02271
Exploits: 1 | References: 3

CVE
added 2019/06/14 5:02 p.m. | Views: 140

CVE-2019-2257

CVE-2019-2257 involves wrong permissions in a configuration file, enabling unauthorized permissions on numerous Qualcomm Snapdragon platforms. Affected families include Snapdragon Auto, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables, and related configurations a...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00182
Exploits: 0 | References: 1 | Affected Software: 1

UbuntuCve
added 2019/06/04 9:29 p.m. | Views: 22

CVE-2019-12210

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...

CVSS: 8.1 | AI score: 6.8 | EPSS: 0.0187
Exploits: 1 | References: 3

OSV
added 2019/05/20 4:29 p.m. | Views: 3

CVE-2019-12212

When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file...

CVSS: 7.5 | AI score: 6.7
Exploits: 0 | References: 1

OSV
added 2019/05/10 11:59 a.m. | Views: 6

SUSE-SU-2019:1203-1 Security update for samba

This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share bsc1131060. Non-security issues fixed: - Fixed an issue where the first login failed and...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.03392
Exploits: 0 | References: 7

Citrix
added 2018/12/19 12:00 a.m. | Views: 8

ICA File Can't Be Launched by CDViewer for Specific User

1. Click the XenDesktop icon on StoreFront, IE11 doesn't invoke CDViewer to get through to XenDesktop. 2. Click the XenDesktop icon on StoreFront, Chrome 46.0 downloads the ICA file, clicking the downloaded ICA file doesn't invoke CDViewer to get through to XenDesktop. User can log on to same VDA...

AI score: 7
Exploits: 0

Debian CVE
added 2018/04/14 2:00 p.m. | Views: 20

CVE-2018-10114

An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions ...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.01928
Exploits: 1

Citrix
added 2018/02/16 12:00 a.m. | Views: 5

Secure Web with PAC File unable to authenticate fails with http 407 error

While evaluating XenMobile with Secure Web with PAC File, Webproxy after reading the PAC file requests authentication, but it seems that Secure Web does not provide authentication. Therefore we get an authentication failure from the Webproxy on the webpage of the Proxy within Secure Web. MDX Settin...

AI score: 7.3
Exploits: 0

CNVD
added 2017/11/01 12:00 a.m. | Views: 2

VIM Information Disclosure Vulnerability

VIM is an open source, configurable text editor for creating and changing any type of text, which can be used on most UNIX systems and Apple OS X. A security vulnerability exists in VIM version 8.0.1187 that stems from the program's failure to use a mask when...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00381
Exploits: 0 | References: 1

RubySec
added 2017/10/24 12:00 a.m. | Views: 6

WEBrick Improper Input Validation vulnerability

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.15973
Exploits: 2 | References: 1 | Affected Software: 1

Amazon
added 2017/10/03 12:00 a.m. | Views: 29

Important: file

Issue Overview: An issue in file allowed an attacker to overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. Affected Packages: file Issue Correction: Run yum update file or yum update --advisory ALAS-2017-900 to update your system. New Packages: i686:...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00404
Exploits: 0

Prion
added 2017/09/11 7:29 p.m. | Views: 17

Stack overflow

An issue in file, introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017)...

CVSS: 2.1 | AI score: 5.4 | EPSS: 0.00404
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2017/09/11 7:29 p.m. | Views: 21

CVE-2017-1000249

An issue in file, introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017)...

CVSS: 5.5 | AI score: 5.5
Exploits: 0 | References: 4

CVE
added 2017/09/11 7:00 p.m. | Views: 173

CVE-2017-1000249

CVE-2017-1000249 affects the file utility: a stack-based overflow in the file() handling lets an attacker overwrite a fixed 20-byte stack buffer via a specially crafted .notes section in an ELF binary. The issue originates from a code path in file; multiple advisories (Fedora, Gentoo GLSA, Amazon...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00404
Exploits: 0 | References: 4 | Affected Software: 1

Debian CVE
added 2017/09/11 7:00 p.m. | Views: 32

CVE-2017-1000249

An issue in file, introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017)...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00404
Exploits: 0

OSV
added 2017/06/03 11:35 p.m. | Views: 3

MGASA-2017-0154 Updated pcmanfm packages fix security vulnerability

PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). CVE-2017-8934...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00334
Exploits: 0 | References: 3

Citrix
added 2017/06/02 12:00 a.m. | Views: 6

Cannot open PDF files downloaded from Secure Web

Issue: Error while opening a PDF file from Secure Web: "Invalid PDF format."...

AI score: 7.1
Exploits: 0

NVD
added 2017/05/06 12:29 a.m. | Views: 18

CVE-2017-7925

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.52059
Exploits: 0 | References: 3