179 matches found
Heap overflow
The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new...
CVE-2018-14015
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c...
Google Android elevation of privilege vulnerability (CNVD-2018-10119)
Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance (OHA for short). Qualcomm MDM9206 and other central processing unit (CPU) products from Qualcomm are used in different platforms. A security vulnerability exists in the Qualcomm...
Design/Logic Flaw
Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation...
CVE-2014-2032
Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation...
Debian: Security Advisory (DSA-4021-1)
The remote host is missing an update for the Debian...
CVE-2017-14650
A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applicatio...
Debian Security Advisory DSA 2593-1 (moin - several vulnerabilities)
It was discovered that missing input validation in the twikidraw and anywikidraw actions can result in the execution of arbitrary code. This security issue is being actively exploited. This update also addresses path traversal in AttachFile...
Debian DSA-2214-1 : ikiwiki - missing input validation
Tango discovered that ikiwiki, a wiki compiler, is not validating if the htmlscrubber plugin is enabled or not on a page when adding alternative stylesheets to pages. This enables an attacker who is able to upload custom stylesheets to add malicious stylesheets as an alternate stylesheet, or...
Debian DSA-2085-1 : lftp - missing input validation
It was discovered that in lftp, a command-line HTTP/FTP client, there is no proper validation of the filename provided by the server through the Content-Disposition header; attackers can use this flaw by suggesting a filename they wish to overwrite on the client machine, and then possibly execute...
Debian DSA-1461-1 : libxml2 - missing input validation
Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop. (C) Tenable Network Security, Inc. The descriptive text and...
Debian DSA-1333-1 : libcurl3-gnutls - missing input validation
It has been discovered that the GnuTLS certificate verification methods implemented in libcurl-gnutls, a solid, usable, and portable multi-protocol file transfer library, did not check for expired or invalid dates...
[SECURITY] [DSA 1315-1] New libphp-phpmailer packages fix arbitrary shell command execution
Debian Security Advisory DSA 1315-1 http://www.debian.org/security/ Moritz Muehlenhoff, June 19th, 2007 http://www.debian.org/security/faq ...
Debian DSA-1130-1 : sitebar - missing input validation
A cross-site scripting vulnerability has been discovered in sitebar, a web-based bookmark manager written in PHP, which allows remote attackers to inject arbitrary web script or HTML...
[UNIX] Auto Directory Index Cross-Site Scripting Vulnerabilities
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ...