libcURL multiple vulnerabilities
Friday, 09 January 2015 15:52

Two (2) vulnerabilities have been patched in libcurl. libcurl versions >= 7.40.0 are not affected.

CVE-2014-8151 libcurl/darwinssl certificate check bypass from libcurl 7.31.0 to and including 7.39.0
Because of overly aggressive session re-use, a connection made with the certificate check disabled can wrongly be re-used even after the certificate check has been enabled again, when the certificate should be rejected.
Patch with CVE-2014-8151.patch

CVE-2014-8150 URL request injection vulnerability from curl 6.0 to and including 7.39.0
libcurl did not reject carriage returns or line feeds embedded in the URL, which could allow request or header injections when communicating over HTTP proxy.
Patch with CVE-2014-8150.patch
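
For applications that cannot update immediately, the following added example (not part of the original advisory and not libcurl code) models a client that copies the URL verbatim into the request line sent to an HTTP proxy, and shows a pre-flight check that rejects CR and LF. The function names, host and sample URLs are assumptions constructed for illustration.

```python
# Added illustration of CVE-2014-8150's effect on a proxy request.
# This models the behaviour described in the advisory; it is not libcurl code.


def proxy_request_head(url, host):
    """Build the request head as a client talking to an HTTP proxy would:
    the full URL is copied verbatim into the request line."""
    return f"GET {url} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("latin-1")


def header_lines(head):
    """Split the head into lines the way a line-oriented proxy parser would."""
    block = head.split(b"\r\n\r\n", 1)[0]
    return block.splitlines()


def check_url(url):
    """Reject a URL containing CR or LF before it reaches the HTTP client."""
    if "\r" in url or "\n" in url:
        raise ValueError("URL contains CR or LF")
    return url


def guarded_request_head(url, host):
    """Validate first, then build the head."""
    return proxy_request_head(check_url(url), host)


# Constructed sample inputs (hypothetical values).
CLEAN = "http://example.com/index.html"
TAINTED = "http://example.com/a\r\nX-Added: 1"

if __name__ == "__main__":
    for label, url in (("clean", CLEAN), ("tainted", TAINTED)):
        lines = header_lines(proxy_request_head(url, "example.com"))
        print(label, "unvalidated head has", len(lines), "lines:", lines)
        try:
            guarded_request_head(url, "example.com")
            print(label, "accepted by check_url")
        except ValueError as exc:
            print(label, "rejected:", exc)
```

The unvalidated head for the tainted URL contains one more line than the client intended, which is the line a proxy would parse as a separate header; the guarded path refuses the URL before any request is built.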

 
WordPress Cforms: file upload
Friday, 09 January 2015 15:51

Cforms 14.7 and earlier are vulnerable to unauthorised user file upload. Contact forms that were created without a file upload box are affected. The file lib_nonajax.php accepts files with any extension, which could lead to remote code execution.
It is advised to update to 14.8 from the original distributor.

 
Debian Critical Vulnerability
Thursday, 08 January 2015 16:10

The following critical vulnerabilities have been released by Debian along with their patches:
DSA-3120-1 mantis -- security update
DSA-3119-1 libevent -- security update

 
Apache Traffic Server HttpTransact Boundary Flaw
Wednesday, 07 January 2015 17:13

A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions. It is advised to update.

 
Xen Use After Free in hvm_domain_relinquish_resources()
Wednesday, 07 January 2015 17:13

A vulnerability was reported in Xen. A local user can cause denial of service conditions on the host system. It is advised to update.


 