1000 matches found
MGASA-2020-0120 Updated proftpd packages fix security vulnerability
Updated proftpd packages fix security vulnerability: Antonio Morales discovered an use-after-free flaw in the memory pool allocator in ProFTPD. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code...
Debian DSA-4635-1 : proftpd-dfsg - security update
Antonio Morales discovered an use-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code. C Tenable...
[SECURITY] [DSA 4635-1] proftpd-dfsg security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4635-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 26, 2020 https://www.debian.org/security/faq -...
kernel: TLB flush happens too late on mremap
Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...
Fedora Update for libtalloc FEDORA-2019-41c7fa478a
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
kernel: TLB flush happens too late on mremap
Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...
PT-2019-6125 · Nlnet +7 · Unbound +7
Name of the Vulnerable Software and Affected Versions: Unbound versions prior to 1.9.5 Description: The issue is related to an integer overflow in the regional allocator via the ALIGN UP macro. Although the vendor disputes that this is a vulnerability, the code may be vulnerable. However, a runni...
[SECURITY] Fedora 31 Update: libtalloc-2.3.0-1.fc31
A library that implements a hierarchical allocator with destructors...
Jenkins Port Allocator Cleartext Storage of Credentials Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Port Allocator. Authentication is required to exploit this vulnerability. The specific flaw exists within the Port Allocator plugin. The issue results from storing credentials in...
PT-2019-6285 · Nlnet +8 · Unbound +8
Name of the Vulnerable Software and Affected Versions: Unbound versions prior to 1.9.5 Description: The issue is related to an integer overflow in the regional allocator via the regional alloc function in the util/regional.c component of the Unbound DNS server. This could potentially allow a remo...
UBUNTU-CVE-2019-15921
An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idralloc fails in genlregisterfamily in net/netlink/genetlink.c...
Microsoft Font Subsetting - DLL Returning a Dangling Pointer via MergeFontPackage
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
RUSTSEC-2019-0012 Memory corruption in SmallVec::grow()
Attempting to call grow on a spilled SmallVec with a value less than the current capacity causes corruption of memory allocator data structures. An attacker that controls the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution. Credits to @ehuss for...
Unspecified Vulnerability in CloudBees Jenkins Port Allocator Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Port Allocator Plugin is used in which a TCP...
CVE-2019-10350
Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10350
Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10350
Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10350
Summary: CVE-2019-10350 affects the CloudBees/Jenkins Port Allocator Plugin. The vulnerability stems from credentials being stored in plaintext in job config.xml files on the Jenkins master, enabling disclosure to users with Extended Read permission or with access to the master filesystem. The CV...
Processing of maliciously crafted length fields causes memory allocation SIGABRTs
Affected versions of this crate tried to preallocate a vector for an arbitrary amount of bytes announced by the ASN.1-DER length field without further checks. This allows an attacker to trigger a SIGABRT by creating length fields that announce more bytes than the allocator can provide. The flaw w...