Vulnerability & Exploit Database

Displaying entries 161 - 170 of 143444 in total

Gentoo Linux: CVE-2019-1559: OpenSSL: Multiple vulnerabilities Vulnerability

  • Severity: 4
  • Published: February 27, 2019

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the applicati...

ISC BIND: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745) Vulnerability

  • Severity: 4
  • Published: February 27, 2019

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust...

Debian: CVE-2019-9210: advancecomp -- security update Vulnerability

  • Severity: 4
  • Published: February 27, 2019

In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)

Debian: CVE-2019-1559: openssl, openssl1.0 -- security update Vulnerability

  • Severity: 4
  • Published: February 27, 2019

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the applicati...

Ubuntu: USN-3866-3: Ghostscript regression Vulnerability

  • Severity: 4
  • Published: February 26, 2019

USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update

introduced a new regression that resulted in certain pages being printed

with a blue background. This update fixes the problem.

Original advisory details:

Tavis Ormandy discovered that Ghostscript incorrectly handled certain

elFinder PHP Connector exiftran Command Injection Exploit

Disclosed: February 26, 2019

This module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not validated, allow...

Debian: CVE-2019-9200: poppler -- security update Vulnerability

  • Severity: 7
  • Published: February 26, 2019

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.