New vulnerabilities from the NVD: CVE-2008-7273 | | |
New vulnerabilities from the NVD: CVE-2011-1145 (debian_linux, enterprise_linux, opensuse, unixodbc) | | The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string. Published at: November 14, 2019 at 04:15AM View on website November 20, 2019 at 02:02AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-4657 (debian_linux, enterprise_linux, php) | | PHP5 before 5.4.4 allows passing invalid UTF-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in a memory leak into the resulting output. Published at: November 13, 2019 at 11:15PM View on website November 20, 2019 at 06:14PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2011-1028 | | The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. Published at: November 20, 2019 at 05:15PM View on website November 20, 2019 at 08:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2011-0529 | | Weborf before 0.12.5 is affected by a Denial of Service (DoS) due to malformed fields in HTTP. Published at: November 20, 2019 at 06:15PM View on website November 20, 2019 at 08:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-4660 | | Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes. Published at: November 20, 2019 at 06:15PM View on website November 20, 2019 at 08:02PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2011-1490 (debian_linux, opensuse, rsyslog) | | A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. Published at: November 14, 2019 at 04:15AM View on website November 20, 2019 at 10:13PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2011-1489 (debian_linux, opensuse, rsyslog) | | A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. Published at: November 14, 2019 at 04:15AM View on website November 20, 2019 at 10:13PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-4659 | | Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents. Published at: November 20, 2019 at 07:15PM View on website November 20, 2019 at 10:13PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2009-5047 (debian_linux, jetty) | | Jetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) "Cookie Dump Servlet" and 2) HTTP Content-Length header. 1) A POST request to the form at "/test/cookie/" with the "Age" parameter set to a string throws a "java.lang.NumberFormatException" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request "Content-Length" header set to a literal string. Published at: November 15, 2019 at 06:15PM View on website November 21, 2019 at 08:02PM via National Vulnerability Database |