Lucene search

7510 matches found

Cvelist
added 2019/09/11 3:30 p.m. · 26 views

CVE-2019-16230

drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics ca...

AI score 6.3 · EPSS 0.00372
Exploits 0 · References 3
Tenable Nessus
added 2019/09/11 12:0 a.m. · 46 views

NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2019-0177)

The remote NewStart CGSL host, running version MAIN 4.06, has kernel packages installed that are affected by multiple vulnerabilities: - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the...

CVSS 7.8 · AI score 7.4 · EPSS 0.98745
Exploits 9 · References 9
CNVD
added 2019/09/05 12:0 a.m. · 3 views

Linux kernel memory leak vulnerability (CNVD-2019-31644)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A memory leak vulnerability exists in register_queue_kobjects in net/core/net-sysfs.c in versions of Linux kernel prior to 5.0.1. An attacker could exploit this...

CVSS 7.8 · AI score 7.3 · EPSS 0.03753
Exploits 0 · References 1
OSV
added 2019/09/04 3:15 p.m. · 1 views

DEBIAN-CVE-2019-15916

An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects in net/core/net-sysfs.c, which will cause denial of service...

CVSS 7.5 · AI score 6.3 · EPSS 0.03753
Exploits 0 · References 1
Veracode
added 2019/09/04 12:21 p.m. · 51 views

Denial Of Service (DoS) Via Settings Flood

github.com/grpc/grpc-go is vulnerable to denial of service (DoS) attacks. The attack can be triggered when an HTTP/2 peer sends a flood of settings, leading to an excessive data queue and causing high CPU and resource consumption...

CVSS 7.5 · AI score 2.2 · EPSS 0.87806
Exploits 0 · References 47 · Affected Software 31
Positive Technologies
added 2019/08/20 12:0 a.m. · 3 views

PT-2019-17018 · IBM · IBM MQ Appliance +1

Name of the Vulnerable Software and Affected Versions: IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.6 IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.15 IBM MQ Appliance versions 8.0.0.0 through 8.0.0.12 IBM MQ Appliance versions 9.1.0.0 through 9.1.0.2 IBM MQ Appliance version...

CVSS 8.4 · AI score 8.3 · EPSS 0.00945
Exploits 0 · References 5
Prion
added 2019/08/13 9:15 p.m. · 78 views

Code injection

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

CVSS 7.8 · AI score 7.4 · EPSS 0.59547
Exploits 0 · References 47 · Affected Software 18
Prion
added 2019/08/13 9:15 p.m. · 42 views

Design/Logic Flaw

Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write many of the byt...

CVSS 7.8 · AI score 7.4 · EPSS 0.2789
Exploits 0 · References 47 · Affected Software 20
Cvelist
added 2019/08/13 8:50 p.m. · 51 views

CVE-2019-9517 Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service

Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write many of the byt...

CVSS 7.5 · AI score 7.7 · EPSS 0.2789
Exploits 0 · References 47
OSV
added 2019/08/13 12:0 a.m. · 0 views

UBUNTU-CVE-2019-9512

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

CVSS 7.5 · AI score 7.3 · EPSS 0.83433
Exploits 1 · References 9
CNVD
added 2019/08/07 12:0 a.m. · 1 views

IBM MQ Input Validation Error Vulnerability

IBM MQ (IBM WebSphere MQ) is a messaging middleware product from IBM. The product mainly provides a reliable and proven messaging backbone for service-oriented architecture (SOA). An input validation error vulnerability exists in IBM MQ. An attacker could exploit this vulnerability to cause ...

CVSS 6.2 · AI score 6.6 · EPSS 0.00326
Exploits 0 · References 1
CNVD
added 2019/08/01 12:0 a.m. · 2 views

IBM Security Information Queue Information Disclosure Vulnerability (CNVD-2019-25337)

IBM Security Information Queue is a data integration product from IBM USA. The product utilizes Kafka technology and a publish-subscribe model to integrate data between IBM security products. A security vulnerability exists in IBM Security Information Queue versions 1.0.0, 1.0.1, and 1.0.2. An...

CVSS 4 · AI score 6.7 · EPSS 0.0034
Exploits 0 · References 1
OSV
added 2019/07/30 3:15 p.m. · 2 views

CVE-2019-14406

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493)...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 1
NVD
added 2019/07/30 3:15 p.m. · 11 views

CVE-2019-14406

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493)...

CVSS 6.1 · AI score 6 · EPSS 0.00647
Exploits 0 · References 1
Prion
added 2019/07/30 3:15 p.m. · 10 views

Cross site scripting

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493)...

CVSS 4.3 · AI score 5.9 · EPSS 0.00647
Exploits 0 · References 1 · Affected Software 1
CVE
added 2019/07/30 2:13 p.m. · 43 views

CVE-2019-14406

CVE-2019-14406 affects cPanel before 78.0.18, with a stored XSS in the BoxTrapper Queue Listing (SEC-493). Root cause: lack of proper validation of client-side data by the web application. Impact is consistent with stored XSS in the affected component; exploitation details are not provided in the...

CVSS 6.1 · AI score 5.9 · EPSS 0.00647
Exploits 0 · References 1 · Affected Software 1
OSV
added 2019/07/26 5:15 a.m. · 1 views

DEBIAN-CVE-2018-20855

An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace...

CVSS 3.3 · AI score 7.4 · EPSS 0.00463
Exploits 0 · References 1
OSV
added 2019/07/26 5:15 a.m. · 1 views

DEBIAN-CVE-2018-20856

An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is a __blk_drain_queue use-after-free because a certain error case is mishandled...

CVSS 7.8 · AI score 7.5 · EPSS 0.00707
Exploits 0 · References 1
OSV
added 2019/07/26 12:0 a.m. · 2 views

UBUNTU-CVE-2018-20856

An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is a __blk_drain_queue use-after-free because a certain error case is mishandled...

CVSS 7.8 · AI score 7 · EPSS 0.00707
Exploits 0 · References 8
Kitploit
added 2019/07/23 9:54 p.m. · 81 views

AMIRA - Automated Malware Incident Response & Analysis

AMIRA is a service for automatically running the analysis on the OSXCollector output files. The automated analysis is performed via OSXCollector Output Filters, in particular The One Filter to Rule Them All: the Analyze Filter. AMIRA takes care of retrieving the output files from an S3 bucket,...

AI score 6.8
Exploits 0 · References 9