9 matches found

NVD
added 2026/04/03 11:17 p.m. | 4 views

CVE-2026-34228

Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This...

CVSS 8.7 | EPSS 0.00188
Exploits: 1 | References: 2

ATTACKERKB
added 2026/04/03 10:28 p.m. | 0 views

CVE-2026-34228

Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This...

CVSS 8.7 | AI score 6.1 | EPSS 0.00188
Exploits: 1 | References: 3 | Affected Software: 1

NCSC
added 2021/04/20 12:0 a.m. | 1 views

Vulnerability fixed in x.org

A vulnerability has been fixed in X.org. A malicious person could exploit the vulnerability to obtain elevated privileges within the X server and thus potentially execute arbitrary code with application privileges. Under usual circumstances, an X server runs with limited permissions. -= Debi...

CVSS 7.8 | AI score 7 | EPSS 0.0105
Exploits: 0

NCSC
added 2021/04/15 12:0 a.m. | 9 views

Vulnerability fixed in Tomcat

Two vulnerabilities have been discovered in the Tomcat servlet and the JSP engine, which could lead to information disclosure or denial of service. -= Debian =- Debian has made updates to tomcat9 available for Debian 10.0 Buster to address the vulnerabilities. You can install the custom packages ...

CVSS 7.5 | AI score 6.7 | EPSS 0.18114
Exploits: 15

NCSC
added 2021/04/01 12:0 a.m. | 1 views

Vulnerabilities fixed in cURL

Vulnerabilities have been fixed in cURL. The vulnerabilities allow a remote malicious person to obtain sensitive information. To do so, the malicious party must induce the victim to visit a server under the control of the malicious party. -= Debian =- Debian has made updates to...

CVSS 5.3 | AI score 6.9 | EPSS 0.05301
Exploits: 2

NCSC
added 2021/01/08 12:0 a.m. | 2 views

Vulnerabilities fixed in Ghostscript

Vulnerabilities have been fixed in Ghostscript. The vulnerabilities allow a malicious party to cause a denial of service and to execute arbitrary code under the privileges of the user. -= Ubuntu =- Canonical has made updates available for Ubuntu 16.04 LTS and 18.04 LTS to fix the...

CVSS 8.8 | AI score 7.7 | EPSS 0.04932
Exploits: 4

Tenable Nessus
added 2019/07/24 12:0 a.m. | 222 views

Debian DLA-1862-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-2101 Andrey Konovalov discovered that the USB Video Class driver uvcvideo did not consistently handle a type field in device descriptors, whic...

CVSS 7.8 | AI score 7.5 | EPSS 0.52199
Exploits: 21 | References: 5

Tenable Nessus
added 2010/02/24 12:0 a.m. | 29 views

Debian DSA-1961-1 : bind9 - DNS cache poisoning

Michael Sinatra discovered that the DNS resolver component in BIND does not properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability. This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchor...

CVSS 2.6 | AI score 7 | EPSS 0.07952
Exploits: 1 | References: 2

seebug.org
added 2009/04/02 12:0 a.m. | 35 views

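SystemTap module loading local race condition vulnerability

BUGTRAQ ID: 34260 CVECAN ID: CVE-2009-0784 SystemTap is a Linux kernel diagnostic tool that allows information to be obtained quickly and safely from a running Linux kernel. systemtap has a race condition when checking and loading certain kernel modules. The vulnerability arises because checkpath checks the path (the modulerealpath variable) but that path is not subsequently used to open the file. A user can therefore ask stap to load a kernel module in the current directory that is a symbolic link to a valid kernel object, then quickly replace the object the symbolic link points to with a malicious kernel object, causing a kernel object outside the directories that should be restricted to be executed....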

CVSS 6.9 | AI score 0.3 | EPSS 0.00257
Exploits: 1