739 matches found
Design/Logic Flaw
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...
UBUNTU-CVE-2018-14635
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...
CVE-2018-14635
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...
PYSEC-2018-93
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...
PYSEC-2018-93
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...
CVE-2018-14635
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...
CVE-2018-14635
The CVE-2018-14635 vulnerability affects OpenStack Neutron’s ml2 Linux Bridge driver. The issue allows non-privileged tenants to create and attach ports without assigning an IP address, bypassing IP address validation. This can lead to a potential denial of service if an IP outside the allowed al...
CVE-2018-14635
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...
Sentinel License Manager lservnt.exe Component Denial of Service Vulnerability
Sentinel License Manager is a suite of software that remotely performs software license management. lservnt.exe is one of the Sentinel License Manager startup components. A security vulnerability exists in the lservnt.exe component of Sentinel License Manager version 8.5.3.35, which is caused by...
PT-2019-4775 · Python +8 · Python +8
Name of the Vulnerable Software and Affected Versions: Python versions 2.7.16 and earlier Python versions 3.x through 3.5.7 Python versions 3.6.x through 3.6.9 Python versions 3.7.x through 3.7.4 Description: The issue is related to the email module in Python, which incorrectly parses email...
OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0237)
The remote OracleVM system is missing necessary patches to address critical security updates : - dm: fix race between dmgetfromkobject and dmdestroy Hou Tao CVE-2017-18203 - drm: udl: Properly check framebuffer mmap offsets Greg Kroah-Hartman Orabug: 27986407 CVE-2018-8781 - kernel/exit.c: avoid...
Unspecified Vulnerability in Rclone
Rclone is a command line program for synchronizing files and directories. A security vulnerability exists in Rclone version 1.42 that stems from the program failing to validate URL fields from the Google Cloud Storage API server. An attacker could exploit the vulnerability to pass arbitrary conte...
CVE-2017-16021
uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regular expression is vulnerable to redos. This causes the program to hang and the CPU to idle at 100%...
CVE-2017-0930
augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...
Null pointer dereference
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation inqseefusewrite could lead to untrusted pointer dereference...
Design/Logic Flaw
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation is performed on calls to the qseegetsecurestate syscall...
CVE-2015-9109
The CVE-2015-9109 issue concerns Android devices using Qualcomm Snapdragon Automotive and Snapdragon Mobile MDM9625, SD 425/430/450/625/650/52/820/820A. The root cause is lack of address-argument validation in the inqsee_fuse_write path, which could lead to an untrusted pointer dereference. Conne...
CVE-2015-9114
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation in qseequerycounter syscall could lead to untrusted pointer dereference...
CVE-2015-9115
CVE-2015-9115 affects Android on Qualcomm Snapdragon platforms (Automotive and Mobile MDM9625 and several Snapdragon 410/12/425/430/450/615/16/415/617/625/650/52/820/820A). The root cause is missing validation of the address argument in the qsee_prng_getdata syscall, enabling potential misuse. Re...
CVE-2018-6879
The CVE-2018-6879 entry concerns PHP Scripts Mall Website Seller Script 2.0.3 where client-side validation is used to enforce email format. The vulnerability arises because the validation can be bypassed by removing the client-side validation code, enabling a remote attacker to modify a registere...