9 matches found
Gentoo Linux Security Advisory 201908-27
Gentoo Linux Security Advisory 201908-27 - A vulnerability in Nautilus may allow attackers to escape the sandbox. Versions less than 3.30.5-r1 are affected...
CVE-2019-3570
Call to the scryptenc function in HHVM can lead to heap corruption by using specifically crafted parameters N, r and p. This happens if the parameters are configurable by an attacker for instance by providing the output of scryptenc in a context where Hack/PHP code would attempt to verify it by...
Information disclosure
Call to the scryptenc function in HHVM can lead to heap corruption by using specifically crafted parameters N, r and p. This happens if the parameters are configurable by an attacker for instance by providing the output of scryptenc in a context where Hack/PHP code would attempt to verify it by...
CVE-2019-3570
Call to the scryptenc function in HHVM can lead to heap corruption by using specifically crafted parameters N, r and p. This happens if the parameters are configurable by an attacker for instance by providing the output of scryptenc in a context where Hack/PHP code would attempt to verify it by...
Information disclosure
HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versio...
HHVM Memory Corruption Vulnerability
HHVM is prone to a vulnerability where unintended memory locations can be accessed. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...
CVE-2018-19694
HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form...
CVE-2018-19694
CVE-2018-19694 affects HMS Netbiter WS100 (3.30.5 and earlier) with a reflected Cross‑Site Scripting vulnerability in the login form. Root cause: improper input validation on web UI. Impact: confidentiality/integrity impact listed as low in ATT&CK/CVSS data; exploitation is possible remotely via ...
Security Bulletin: GNU C library (glibc) vulnerabilities affect IBM Security Network Active Bypass (CVE-2014-9761, CVE-2015-8778, CVE-2015-8779)
Summary GNU C library glibc vulnerabilities were found that affect IBM Security Network Active Bypass. Vulnerability Details CVEID: CVE-2014-9761 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nan function. By sending an...