4310 matches found
CVE-2012-5630
libuser 0.56 and 0.57 have a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees...
CVE-2012-5630
CVE-2012-5630 affects libuser versions 0.56 and 0.57 and describes a TOCTOU race condition during copying and removing directory trees. The vulnerability is indexed as a local issue with potential partial integrity/availability impact per CVSS data (local access, medium to high impact in some met...
UBUNTU-CVE-2019-19039
__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issue as no...
Linux kernel resource management error vulnerability (CNVD-2019-41702)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A resource management error vulnerability exists in the 'unittest_data_add' function in the drivers/of/unittest.c file in versions of Linux kernel prior to 5.3.10. The...
CVE-2019-1010023
It was discovered that when executing ldd on a malicious file, it is possible to execute code because of the way libraries are loaded into the process memory. An attacker may trick a victim user into running ldd on malicious files, thus executing code with their privileges. Mitigation: Use objdump...
DEBIAN-CVE-2019-19049
A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because...
The vulnerability of the Tree Manager sub-component of the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a malicious individual to gain unauthorized access to protected data.
The vulnerability of the Tree Manager sub-component of the Oracle PeopleSoft Enterprise PeopleTools business application package is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected data using the HTTP protocol...
EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-2216)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it...
LibSass heap buffer overread vulnerability (CNVD-2019-40159)
LibSass is a C/C++ implementation of the Sass compiler. A heap buffer over-read vulnerability exists in Sass::weaveParents in ast_sel_weave.cpp in LibSass versions prior to 3.6.3. No details of the vulnerability are provided at this time...
kernel: fs/ext4/extents.c leads to information disclosure
A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem...
CVE-2016-4289
A stack-based buffer overflow vulnerability exists in the method receiving data from the SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create a path longer than 99...
WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed
VULNERABILITY DETAILS. HTMLFrameElementBase.cpp: bool HTMLFrameElementBase::isURLAllowed() const { if (m_URL.isEmpty()) // 4 return true; return isURLAllowed(document().completeURL(m_URL)); } bool HTMLFrameElementBase::isURLAllowed(const URL& completeURL)...
[SECURITY] Fedora 31 Update: jackson-databind-2.10.0-1.fc31
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...
CVE-2018-14613
An issue was discovered in the btrfs filesystem code in the Linux kernel. An invalid pointer dereference in io_ctl_map_page when mounting and operating a crafted btrfs image is due to a lack of block group item validation in the check_leaf_item function in fs/btrfs/tree-checker.c. This could lead to a...
Auto Re - IDA PRO Auto-Renaming Plugin With Tagging Support
IDA PRO Auto-Renaming Plugin With Tagging Support. Features: 1. Auto-renaming dummy-named functions, which have one API call or jump to the imported API. 2. Assigning TAGS to functions according to called API-indicators inside. Sets tags as repeatable function comments and displays TAG...
CVE-2019-2932
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...