SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2019:1265-1)

This update for systemd fixes the following issues : Security issues fixed : CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files bsc1080919. CVE-2019-3842: Fixed a vulnerability in pamsystemd which...

SecurityRAT - Tool For Handling Security Requirements In Development

OWASP Security RAT Requirement Automation Tool is a tool supposed to assist with the problem of addressing security requirements during application development. The typical use case is: specify parameters of the software artifact you're developing based on this information, list of common securit...

katello-installer-base: QMF methods exposed to goferd via qdrouterd

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...

The vulnerability of the seamless_process function in the RDP-client rdesktop library, related to integer overflow, allows an attacker to execute arbitrary code by causing a stack-based buffer overflow.

The vulnerability of the seamlessprocess function in the RDP client rdesktop is related to a numerical overflow that causes a buffer overflow based on a queue. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

IBM MQ Information Disclosure Vulnerability

IBM MQ IBM WebSphere MQ is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. A security vulnerability exists in IBM MQ Console that stems from the program's use of weak encryption algorithm...

CVE-2019-3845

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite or Capsule can use this fla...

The vulnerability of the PHP programming language module exif_thumbnail_extract, related to integer overflow, allows attackers to cause a service failure.

The vulnerability of the exifthumbnailextract module in the PHP programming language is related to a numerical overflow in the buffer-based queue. Exploiting this vulnerability can allow an attacker to cause service failures...

GHSA-JPV3-G4CC-6VFX Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive...

PT-2019-5423 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.0.6 Description: An issue in the Linux kernel's network subsystem is related to errors in pointer counting in the functions rx queue add kobject and netdev queue add kobject in net/core/net-sysfs.c. This issue...

IBM MQ Code Injection Vulnerability

IBM MQ IBM WebSphere MQ is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. A security vulnerability exists in IBM MQ. A local attacker could exploit the vulnerability to inject code and...

IBM MQ Elevation of Privilege Vulnerability

IBM MQ IBM WebSphere MQ is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. A security vulnerability exists in IBM MQ. An attacker could exploit this vulnerability to elevate privileges...

PT-2021-23414 · Mediawiki +1 · Replacetext Extension +1

Name of the Vulnerable Software and Affected Versions: ReplaceText extension versions 1.41 and earlier for MediaWiki Description: The issue concerns Incorrect Access Control in the ReplaceText extension for MediaWiki. When a user is blocked after submitting a replace job, the job is still execute...

CVE-2019-6594

On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP MPTCP does not protect against multiple zero length DATAFINs in the reassembly queue, which can lead to an infinite loop in some circumstances...

DEBIAN-CVE-2018-20784

In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfsrq's, which allows attackers to cause a denial of service infinite loop in updateblockedaverages or possibly have unspecified other impact by inducing a high load...

CVE-2019-1700 Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability

A vulnerability in field-programmable gate array FPGA ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module PID: FPR9K-DNM-2X100G could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition...

CVE-2019-1700 Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability

A vulnerability in field-programmable gate array FPGA ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module PID: FPR9K-DNM-2X100G could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition...

IBM MQ Console REST API Denial of Service Vulnerability

IBM MQ formerly known as IBM WebSphere MQ is a messaging middleware product from IBM in the United States. It provides a reliable and proven messaging backbone for Service Oriented Architecture SOA.Console REST AP is one of the console REST application program interface components. A security...

Contiki-NG buffer overflow vulnerability (CNVD-2019-00328)

Contiki-NG is an open source, cross-platform operating system for next-generation IoT devices, and MQTT Server is a message queue transport server. A buffer overflow vulnerability exists in MQTT Server in versions of Contiki-NG prior to 4.2. An attacker can exploit this vulnerability to execute...

IBM MQ Library Elevation of Privilege Vulnerability

IBM MQ formerly known as IBM WebSphere MQ is a messaging middleware product from IBM. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture SOA. A security vulnerability exists in the IBM MQ library. An attacker can exploit the vulnerability t...

CVE-2018-15323

On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action...