HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

HTTP/2: 0-length headers lead to denial of service

A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially...

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

jenkins-plugin-script-security: Sandbox bypass through method pointer expressions in Script Security Plugin

A flaw was found in the Jenkins Script Security plugin. Sandbox protection could be circumvented through crafted subexpressions used as arguments to method pointer expressions. This allows attackers the ability to specify sandboxed scripts to execute arbitrary code in the context of the Jenkins...

jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin

A flaw was found in Jenkins Script Security plugin. Sandbox protection could be circumvented by casting crafted objects to other types allowing an attacker to specify sandboxed scripts to invoke constructors that weren't previously whitelisted. The highest threat from this vulnerability is to dat...

KLA11553 Multiple vulnerabilities in Microsoft Server Software

Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in Microsoft Exchange can be exploited remotely v...

kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction

A flaw was found in the KDE Frameworks KConfig prior to version 5.61.0. Certain syntax commands were allowed in .desktop, .directory, and configuration files to allow flexible configurations with the desktop environment. An attacker could add malicious code to a file that a user would...

CVE-2018-20969

A flaw was found in GNU patch through version 2.7.6. Strings beginning with a exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data...

KLA11762 DOS vulnerability in VLC media player

Heap-based buffer over-read vulnerability was found in VLC media player. Malicious users can exploit this vulnerability to cause denial of service. Original advisories sb-vlc308 Related products VLC-media-player CVE list CVE-2019-13962 critical Solution Update to the latest version Download VLC...

CVE-2019-15215

A use-after-free vulnerability was found in the Linux kernel's cpia2usb driver. An attacker must have physical access to the system to utilize a malicious USB device to trigger the disconnect functionality which is required to trigger this flaw. A local account is also required to take advantage ...

KLA11543 Vulnerability in Google Chrome

A use-after-free vulnerability related to Blink was found in Google Chrome. Malicious users can exploit this vulnerability to cause denial of service or possibly execute arbitrary code. Original advisories Stable Channel Update for Desktop Related products Google-Chrome CVE list CVE-2019-5869...

CVE-2019-14744

A flaw was found in the KDE Frameworks KConfig prior to version 5.61.0. Certain syntax commands were allowed in .desktop, .directory, and configuration files to allow flexible configurations with the desktop environment. An attacker could add malicious code to a file that a user would...

CVE-2019-0203

A flaw was found in subversion. A remote, unauthenticated user can cause a null-pointer-dereference in svnserve by sending a certain sequences of protocol commands to the server. This results in a denial of service in some server configurations, specifically when anonymous access is enabled. The...

kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target

A flaw was found in the ISCSI target code in the Linux kernel. The flaw allows an unauthenticated, remote attacker to cause a stack buffer overflow of 17 bytes of the stack. Depending on how the kernel was compiled e.g. compiler, compile flags, and hardware architecture, the attack may lead to a...

Design/Logic Flaw

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Open Fabrics Tools. The supported version that is affected is 11.4. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise...

CVE-2019-10200

A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS I...

jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)

A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes

A flaw was found in libssh2. A server could send a multiple keyboard interactive response messages, whose total length are greater than the unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. The highest threat from this...