Security Bulletin: A vulnerability in Apache Ant affects IBM InfoSphere Information Server

Summary A vulnerability in Apache Ant was addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2012-2098 DESCRIPTION: Apache Commons Compress and Apache Ant are vulnerable to a denial of service, caused by an error when using bzip2 compression to compress files. By...

CVE-2018-4002

An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack,...

CVE-2018-4002

An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack,...

Denial of service

An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack,...

CVE-2018-4002

An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack,...

CVE-2018-4002

The CVE-2018-4002 issue affects CUJO Smart Firewall (firmware 7003) mdnscap, where mdnscap’s mDNS label parsing mishandles compression pointers, creating an uncontrolled recursion that exhausts the call stack and crashes the mdnscap process. An unauthenticated remote attacker can send specially c...

PT-2019-10742 · Cujo · Cujo Smart Firewall

Name of the Vulnerable Software and Affected Versions: CUJO Smart Firewall version 7003 Description: A denial-of-service issue exists due to unsafe handling of label compression pointers in mDNS packets by the mdnscap binary, leading to uncontrolled recursion and eventual stack exhaustion, causin...

SUSE-SU-2019:2668-1 Security update for sudo

This update for sudo provides the following fix: Security issue fixed: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers bsc1153674. Other issues fixed...

ALPINE-CVE-2019-17543

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This issue can also lead to data corruption. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...

UBUNTU-CVE-2019-17543

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This issue can also lead to data corruption. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...

LZ4 Buffer Overflow Vulnerability

LZ4 is a lossless compression algorithm. A buffer overflow vulnerability exists in the 'LZ4write32' function in versions of LZ4 prior to 1.9.2, which originates when a networked system or product performs an operation in memory without properly validating the data boundaries, resulting in an...

XNU - Remote Double-Free via Data Race in IPComp Input Path

XNU - Remote Double-Free via Data Race in IPComp Input Path === Summary === This report describes a bug in the XNU implementation of the IPComp protocol https://tools.ietf.org/html/rfc3173. This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system iOS AFAIK...

IrfanView User Mode Write Access Conflict Vulnerability (CNVD-2019-36935)

IrfanView is an image viewer by Irfan Skiljan software developer in Bosnia and Herzegovina that supports image browsing, image editing, image format conversion and more. IrfanView 4.53 suffers from a user-mode write access conflict vulnerability. An attacker can exploit this vulnerability to read...

XNU - Remote Double-Free via Data Race in IPComp Input Path Exploit

=== Summary === This report describes a bug in the XNU implementation of the IPComp protocol https://tools.ietf.org/html/rfc3173. This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system iOS AFAIK isn't affected over two network interfaces at the same time...

openSUSE Security Update : links (openSUSE-2019-2185)

This update for links fixes the following issues : links was updated to 2.20.1 : - libevent bug fixes links was updated to 2.20 : - Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link elements with...

openSUSE: Security Advisory for links (openSUSE-SU-2019:2185-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for links (moderate)

openSUSE Security Update: Security update for links Announcement ID: openSUSE-SU-2019:2185-1 Rating: moderate References: 1149886 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that contains security fixes can now be...

The vulnerability of the compression function in the Zstandard library allows a hacker to execute arbitrary code.

The vulnerability of the compression function in the Zstandard library for data compression is related to synchronization errors when using a shared resource “Race Condition”. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Nextcloud: WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (UNAUTHORIZED)

because in the burp suite, the build request is complicated, I only use curl 1. Create file index.html and index.php Index.html : Hello world Index.php : 2. Once created enter into .zip COMPRESS 3. LETS UPLOAD CURL : curl site.com/index.php/wp-json/articulate/v1/upload-data -F "name=NAMAFILE" -F...

Fedora Update for jbig2dec FEDORA-2019-55973f4ef8

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...