HTTP/2: flood using PING frames results in unbounded memory growth
A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
CVE-2019-9495
A flaw was found in wpa_supplicant. Side channel attacks were recently discovered in the SAE implementations used by both hostapd and wpa_supplicant. EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there is ...
CVE-2019-0757
A flaw was found in dotnet. A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. The highest threat from this vulnerability is to data...
CVE-2019-19921
A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization, by adding a symlink to the rootfs that points to a directory on the volume. The highest threat from this vulnerability is to data...
CVE-2018-8029
A flaw was found in Apache Hadoop in versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4. A user who can escalate to a yarn user can possibly run arbitrary commands as root user. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2019-14907
A flaw was found in samba. When log levels are set at 3 or higher, the string obtained from the client, after a failed character conversion, is printed which could cause long-lived processes to terminate. The highest threat from this vulnerability is to system availability. Mitigation: Do not set ...
CVE-2019-19083
A memory leak flaw was found in the Linux kernel. A system crash occurs under very specific, hard to obtain conditions, when the AMD GPU Display Engine configuration initialization handles resource cleaning when a failure occurs. The highest threat from this vulnerability is system availability...
dotnet: Denial of service via backpressure issue
A denial of service flaw was found in ASP.NET Core. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted requests to an ASP.NET Core application. The highest threat from this flaw is system availability...
Unspecified Vulnerability in Oracle Enterprise Manager Base Platform (CNVD-2020-04358)
Oracle Enterprise Manager Base Platform is a complete installer that includes OMS, agents, repositories, and management plug-ins. An unspecified vulnerability exists in Oracle Enterprise Manager Base Platform. An attacker could exploit this vulnerability to gain unauthorized access to, update,...
SIEMENS SINAMICS PERFECT HARMONY GH180 Access Control Vulnerability
The SINAMICS Perfect Harmony GH180 Medium Voltage Drives series is designed to control medium voltage drives or inverters in a variety of different applications. An access control vulnerability exists in the SIEMENS SINAMICS PERFECT HARMONY GH180. An attacker could exploit this vulnerability to...
CVE-2020-0602
A denial of service flaw was found in ASP.NET Core. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted requests to an ASP.NET Core application. The highest threat from this flaw is system availability...
rabbitmq-server: "X-Reason" HTTP Header can be leveraged to insert a malicious string leading to DoS
A resource-consumption flaw was identified in the rabbitmq-server web management plugin. Utilizing a malicious 'X-Reason' HTTP header, a remote attacker could insert a malicious Erlang format string which will expand and consume heap memory, resulting in a crash. The highest threat from this...
CVE-2019-19911
A denial of service vulnerability was found in Pillow in versions before 6.2.2, where the FpxImagePlugin.py file calls the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows systems running 32-bit Python, this flaw results in an OverflowError or MemoryErro...
CVE-2019-19882
A flaw was found in shadow-utils. When compiled with --with-libpam, but without explicitly passing --disable-account-tools-setuid and suitable PAM configurations, a local user could obtain root access due to setuid being misconfigured. The highest threat from this vulnerability is to file...
CVE-2019-19065
A flaw was found in the Linux kernel. The Intel OPA Gen1 driver mishandles resource cleanup. An attacker able to induce low memory condition on the system could use this flaw to crash the system. The highest threat from this vulnerability is to system availability. Mitigation: In order to mitigate...
CVE-2019-3863
A flaw was found in libssh2. A server could send multiple keyboard interactive response messages whose total length is greater than the unsigned char max characters. This value is used as an index to copy memory, causing an out-of-bounds memory write error. The highest threat from this...
CVE-2019-15505
An out-of-bounds read flaw was found in the DVB USB subsystem of the Linux kernel. There was no boundary check applied to the array in struct technisat_usb2_state state->buf until the 0xff byte is encountered. If the byte is not encountered within the limit, an exposure of kernel data structure...
CVE-2019-19058
A flaw was found in the Linux kernel. The Intel Wireless WiFi MVM Firmware driver mishandles resource cleanup during device coredump. An attacker able to trigger the device coredump and system-wide out of memory conditions at the same time could use this flaw to crash the system. The highest thre...
CVE-2019-17006
A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. The highest threat is to confidentiality and integrity of data as well as system availability...
CVE-2019-19770
A use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user or root privilege to crash the system at the time of file or directory removal. This vulnerability can lead to a kernel information leak. The highest threat...