Lucene search
K

224 matches found

RedHat Linux
RedHat Linux
added 2020/03/23 8:21 a.m.5 views

HTTP/2: flood using SETTINGS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.87806EPSS
Exploits0References7
NVD
NVD
added 2020/03/12 9:15 p.m.15 views

CVE-2017-18350

bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name...

5.9CVSS6AI score0.01301EPSS
Exploits0References2
Atlassian
Atlassian
added 2020/02/04 11:56 p.m.76 views

Confluence on Windows was vulnerable to DLL hijacking - CVE-2019-20406

The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a dll file in a directory in the global path environmental variable variable to inject code & escala...

7.8CVSS4.6AI score0.0048EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/30 9:22 p.m.136 views

Cross-site scripting vulnerability in TinyMCE

Impact A cross-site scripting XSS vulnerability was discovered in: the core parser, paste and visualchars plugins. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are...

6.1CVSS0.1AI score0.01248EPSS
Exploits1References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/29 4:27 p.m.43 views

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477)

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to security vulnerability. The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel's networking...

7.8CVSS1AI score0.98745EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/29 12:0 a.m.13 views

Portfolio Filter Gallery < 1.1.3 - CSRF & Reflected XSS

Lack of CSRF checks on the Filters page could allow attackers to add/edit/update/delete categories and delete all categories, as well as perform reflected XSS attacks. v1.0.8 fixed the reflected XSS, however no CSRF check on delete and deleteallcategory actions v1.1.0 released, no additional fix...

1.7AI score
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2019/09/12 12:29 p.m.116 views

Important: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS7.4AI score0.83433EPSS
Exploits1References4
OSV
OSV
added 2019/08/27 5:15 p.m.10 views

CVE-2019-13455

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c...

9.8CVSS9.6AI score
Exploits0References3
Prion
Prion
added 2019/08/27 5:15 p.m.16 views

Stack overflow

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c...

7.5CVSS9.6AI score0.01994EPSS
Exploits1References3Affected Software2
UbuntuCve
UbuntuCve
added 2019/08/27 5:15 p.m.31 views

CVE-2019-13455

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c...

9.8CVSS7.5AI score0.01994EPSS
Exploits1References2
OSV
OSV
added 2019/08/27 5:15 p.m.3 views

UBUNTU-CVE-2019-13455

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c...

9.8CVSS7.7AI score0.01994EPSS
Exploits1References3
CVE
CVE
added 2019/08/27 4:28 p.m.145 views

CVE-2019-13455

Xymon is affected by CVE-2019-13455:

9.8CVSS9.5AI score0.01994EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2019/08/27 4:28 p.m.28 views

CVE-2019-13455

In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c...

9.8CVSS3.4AI score0.01994EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2019/08/27 12:0 a.m.4 views

PT-2019-3098 · D Link · D-Link Dir-825Ac G1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-825AC G1 devices affected versions not specified Description: The issue exists due to insufficient input validation in the D-Link router firmware, allowing a remote attacker to bypass compartmentalization between the host network a...

8.8CVSS8.6AI score0.01169EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.40 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0165)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities: - Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information...

7.8CVSS7.3AI score0.98745EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2019/07/25 12:0 a.m.39 views

EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-1792)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the...

7.8CVSS6.9AI score0.98745EPSS
Exploits4References5
OSV
OSV
added 2019/07/23 7:56 a.m.6 views

SUSE-SU-2019:1924-1 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP1)

This update for the Linux Kernel 3.12.74-6064110 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow when handling TCP Selective Acknowledgments SACKs. A remote attack...

7.8CVSS7.9AI score0.98745EPSS
Exploits4References5
Broadcom
Broadcom
added 2019/07/02 12:0 a.m.6 views

BSA-2019-828

Security Advisory ID : BSA-2019-828 Component : TCP SACK Revision : 2.0 An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. While processing SACK segments, the Linux kernel's socket buffer SKB da...

7.5CVSS6.7AI score0.94686EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2019/06/25 6:10 p.m.1 views

Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. While processing SACK segments, the Linux kernel's socket buffer SKB data structure becomes fragmented, which leads to increased resource...

7.5CVSS7.2AI score0.94686EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2019/06/21 12:0 a.m.8 views

The vulnerability of the TCP Selective Acknowledgment mechanism in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the TCP Selective Acknowledgment mechanism in the Linux operating system arises due to a segmentation error in the retransmission queue. Exploiting this vulnerability allows an attacker to cause a service failure by sending a specially crafted sequence of SACK packets...

7.8CVSS6.9AI score0.94686EPSS
Exploits1References51Affected Software16
Rows per page
Query Builder