2027 matches found
HTTP/2: flood using PRIORITY frames results in excessive resource consumption
A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...
CVE-2019-15161
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request...
EulerOS 2.0 SP8 : wavpack (EulerOS-SA-2019-2095)
According to the versions of the wavpack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults...
WordPress music-store plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. music-store is an online music store plugin used in it. A cross-site scripting vulnerability exists in WordPress music-store plugin...
CVE-2019-14730
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account...
Directory Traversal Vulnerability in Xunrui CMS Backend Pages
Sichuan Xunruiyun Software Development Co., Ltd. is an Internet enterprise focusing on providing informatization services for small and medium-sized enterprises, mainly engaged in PHP language CMS website management system, offline communication and information engineering, online and offline...
Cisco UCS Director, Cisco Integrated Management Controller Supervisor - Multiple Vulnerabilities
Multiple critical vulnerabilities in Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data. Discovered by Pedro Ribeiro from Agile Information Security...
Cisco UCS / IMC Supervisor Authentication Bypass / Command Injection
Multiple critical vulnerabilities in Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data. Discovered by Pedro Ribeiro from Agile Information Security...
Google Android Denial of Service Vulnerability (CNVD-2019-41026)
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). A denial of service vulnerability exists in System in Android Q. An attacker can exploit this vulnerability to cause a denial of service...
Remote Command Execution Vulnerability in Coremail Argumenter Client
Coremail client Mailbox For Windows is a mail client of coremail, which fully supports the synchronization of Coremail account data and has a better application experience. A remote command execution vulnerability exists in Coremail Lobbyist Client. An attacker can exploit the vulnerability to...
WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection
WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection Exploit Title: Wordpress Plugin Import Export WordPress Users = 1.3.1 - CSV Injection Exploit Author: Javier Olmedo Contact: @jjavierolmedo Website: https://sidertia.com Date: 2018-08-22 Google Dork:...
Input validation
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature...
WordPress user-role plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. user-role is a plug-in for website user management. A cross-site scripting vulnerability exists in the WordPress user-role plugin...
Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities
Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities. Multiple critical vulnerabilities in Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data...