PT-2019-17042 · Ibm · Ibm Security Guardium Big Data Intelligence

Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Big Data Intelligence version 4.0 Description: The issue is related to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume...

Updated kernel packages fixes security vulnerabilities

This kernel update is based on the upstream 4.14.116 and fixes at least the following security issues: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the...

The vulnerability of the ASN.1 BER dissector component of the Wireshark network traffic analyzer tool, which is related to the execution of operations beyond the memory limit, allows attackers to cause a service failure.

The vulnerability of the ASN.1 BER component epan/dissectors/packet-ber.c, a dissector for analyzing computer network traffic in Wireshark, is related to the execution of operations beyond the memory limits. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

CVE-2019-3882

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhausti...

Design/Logic Flaw

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhausti...

CVE-2019-3882

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhausti...

CVE-2019-3882

CVE-2019-3882 affects the Linux kernel vfio interface: a local user owning a vfio device could abuse DMA mappings to memory and exhaust system memory, enabling a denial of service. Publicly available connected documents confirm the vulnerability and its DoS impact; Debian and other advisories inc...

Fedora 28 : php (2018-6855bf9ff3)

PHP version 7.2.12 08 Nov 2018 Core: - Fixed bug php76846 Segfault in shutdown function after memory limit error. Nikita - Fixed bug php76946 Cyclic reference in generator not detected. Nikita - Fixed bug php77035 The phpize and ./configure create redundant .deps file. Peter Kokot - Fixed bug...

CVE-2018-12541

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit 8192 bytes above which the WebSocket gets an HTTP response with the...

DEBIAN-CVE-2018-14567

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service infinite loop via a crafted XML file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251...

Denial-of-Service (DoS) Through Memory Exhaustion

ImageMagick is vulnerable to denial of service DoS attacks through memory exhaustion. The loadlevel function in coders/xcf.c does not validate offsets, allowing a malicious user to pass a xcf file to allocate over the memory limit and consume all the application's memory...

Buffer Overflow

ImageMagick is vulnerable to buffer overflows. When a memory limit is set, a malicious user can trigger a heap-based buffer overflow or cause a invalid write operation via the SetPixelIndex function...

CVE-2016-5688

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger 1 a heap-based buffer overflow in the SetPixelIndex function or an invali...

Heap overflow

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger 1 a heap-based buffer overflow in the SetPixelIndex function or an invali...

CVE-2016-5688

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger 1 a heap-based buffer overflow in the SetPixelIndex function or an invali...

CVE-2016-5688

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger 1 a heap-based buffer overflow in the SetPixelIndex function or an invali...

CVE-2016-5688

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger 1 a heap-based buffer overflow in the SetPixelIndex function or an invali...

Internet Bug Bounty: SEH buffer overflow msgfmt_format_message

Upstream bug --------------- https://bugs.php.net/bug.php?id=73007 Fixed in PHP 7.0.11 and PHP 5.6.26 --------------- http://php.net/ChangeLog-5.php5.6.26 http://php.net/ChangeLog-7.php7.0.11 Patch ------- http://git.php.net/?p=php-src.git;a=commit;h=20fa323d53257a776bd7551ce7bdb2261cfe5420...

SOL43449212 - PHP vulnerability CVE-2016-5096

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL51390683 - PHP vulnerabilities CVE-2016-5094 and CVE-2016-5095

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...