The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a...
Read MoreThe DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting’s documentation has a “your communication with the server will be encrypted”...
Read MoreThe DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a...
Read MoreWith both WannaCry and NotPetya using MS17-010 for propagation it is important to be able to detect servers which are vulnerable. Even if you have comprehensive vulnerability management and patching programs there are almost...
Read MoreVersions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has...
Read More