The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.
Monthly Archives: March 2015
CVE-2014-9706 (debian_linux, dulwich)
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.
CVE-2014-9707 (goahead)
EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.
CVE-2014-9708 (appweb)
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by “Range: x=,”.
CVE-2015-0838 (debian_linux, dulwich)
Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.
CVE-2015-2684
Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.
CVE-2015-2753
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.
CVE-2015-2754
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a “premature EOF.”
CVE-2015-2776
The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.
[ MDVA-2015:003 ] apache
Mandriva Linux Advisory MDVA-2015:003
http://www.mandriva.com/en/support/security/

Package : apache
Date : March 31, 2015
Affected: Business Server 2.0

Problem Description:

A regression was found with the MDVSA-2015:093 advisory that made the apache server fail to start due to faulty linking. This problem has now been fixed.

Updated Packages:

Mandriva Business Server 2/X86_64: