Lucene search

7644 matches found

Prion
added 2019/10/22 3:15 p.m. • 13 views

Buffer overflow

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481...

CVSS: 7.2 | AI score: 7.8 | EPSS: 0.0044
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/10/22 2:27 p.m. • 17 views

CVE-2019-4523

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481...

CVSS: 8.4 | AI score: 7.8 | EPSS: 0.0044
Exploits: 0 | References: 2

Ubuntu
added 2019/10/22 2:40 a.m. • 236 views

USN-4163-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2016-10906) It was discovered that a race condition existed in the Serial...

CVSS: 10 | AI score: 6.9 | EPSS: 0.07619
Exploits: 3

Tenable Nessus
added 2019/10/22 12:0 a.m. • 248 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4163-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4163-1 advisory. It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An...

CVSS: 10 | AI score: 7.2 | EPSS: 0.07619
Exploits: 3 | References: 11

Tenable Nessus
added 2019/10/17 12:0 a.m. • 47 views

Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4157-1)

Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2019-14814, CVE-2019-14815,...

CVSS: 10 | AI score: 7.3 | EPSS: 0.07619
Exploits: 3 | References: 10

BDU FSTEC
added 2019/10/16 12:0 a.m. • 1 views

The vulnerability of the Thunderbird email client’s libical library lies in the lack of type checking for the objects being passed around. This allows attackers to trigger a service failure.

The vulnerability of the Thunderbird email client’s libical library is related to the lack of type checking during the processing of certain email messages. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.09731
Exploits: 3 | References: 6 | Affected Software: 3

BDU FSTEC
added 2019/10/16 12:0 a.m. • 2 views

The vulnerability of the Array.pop method in Thunderbird email clients and Firefox and Firefox ESR browsers allows a hacker to trigger a service failure.

The vulnerability of the Array.pop method in Thunderbird email clients and Firefox and Firefox ESR browsers is related to the lack of type checking when passing objects around. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVSS: 10 | AI score: 5.5 | EPSS: 0.37951
Exploits: 7 | References: 9 | Affected Software: 6

Kitploit
added 2019/10/15 8:30 p.m. • 245 views

RITA - Real Intelligence Threat Analytics

RITA is an open source framework for network traffic analysis. The framework ingests Bro/Zeek Logs in TSV format, and currently supports the following major features: Beaconing Detection: Search for signs of beaconing behavior in and out of your network; DNS Tunneling Detection: Search for signs o...

AI score: 7
Exploits: 0 | References: 5

CNVD
added 2019/10/15 12:0 a.m. • 3 views

Intel Active System Console Elevation of Privilege Vulnerability

Intel Active System Console is an active system console application from Intel Corporation USA. A security vulnerability exists in the installer in versions prior to Intel Active System Console 8.0 Build 24, which stems from the program not performing sufficient path checking. An attacker could...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00337
Exploits: 0 | References: 1

OSV
added 2019/10/11 6:15 p.m. • 4 views

CVE-2019-11120

Insufficient path checking in the installer for Intel(R) Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00337
Exploits: 0 | References: 1

Cvelist
added 2019/10/11 5:56 p.m. • 14 views

CVE-2019-11120

Insufficient path checking in the installer for Intel(R) Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access...

AI score: 7.8 | EPSS: 0.00337
Exploits: 0 | References: 1

CNVD
added 2019/10/11 12:0 a.m. • 1 views

Google Android Information Disclosure Vulnerability (CNVD-2019-36417)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). Google Android 10 suffers from an information disclosure vulnerability. The vulnerability stems from an out-of-bounds read problem in libxaac in Android caused by a...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00646
Exploits: 0 | References: 1

CNVD
added 2019/10/11 12:0 a.m. • 1 views

Google Android Remote Code Execution Vulnerability (CNVD-2019-35249)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). A remote code execution vulnerability exists in Google Android 10. The vulnerability stems from an out-of-bounds write problem in libxaac in Android caused by a lac...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00714
Exploits: 0 | References: 1

CNVD
added 2019/10/11 12:0 a.m. • 2 views

Google Android Remote Code Execution Vulnerability (CNVD-2019-35238)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). A remote code execution vulnerability exists in Google Android 10. The vulnerability stems from an out-of-bounds write problem in libxaac in Android caused by a lac...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00714
Exploits: 0 | References: 1

CNVD
added 2019/10/11 12:0 a.m. • 1 views

Google Android Remote Code Execution Vulnerability (CNVD-2019-35242)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). A remote code execution vulnerability exists in Google Android 10. The vulnerability stems from an out-of-bounds write problem in libxaac in Android caused by a lac...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00714
Exploits: 0 | References: 1

CNVD
added 2019/10/11 12:0 a.m. • 1 views

Google Android Remote Code Execution Vulnerability (CNVD-2019-35243)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). A remote code execution vulnerability exists in Google Android 10. The vulnerability stems from an out-of-bounds write problem in libxaac in Android caused by a lac...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00714
Exploits: 0 | References: 1

CNVD
added 2019/10/11 12:0 a.m. • 3 views

Google Android Information Disclosure Vulnerability (CNVD-2019-36413)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). Google Android 10 suffers from an information disclosure vulnerability. The vulnerability stems from an out-of-bounds read problem in libxaac in Android caused by a...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00583
Exploits: 0 | References: 1

OpenVAS
added 2019/10/11 12:0 a.m. • 70 views

Ubuntu: Security Advisory (USN-4153-1)

The remote host is missing an update for the...

CVSS: 9.1 | AI score: 9.3 | EPSS: 0.02296
Exploits: 0 | References: 2

Ubuntu
added 2019/10/10 12:3 p.m. • 99 views

USN-4153-1: Octavia vulnerability

Daniel Preussker discovered that Octavia incorrectly handled client certificate checking. A remote attacker on the management network could possibly use this issue to perform configuration changes and obtain sensitive information...

CVSS: 9.1 | AI score: 7 | EPSS: 0.02296
Exploits: 0

RedhatCVE
added 2019/10/10 5:35 a.m. • 38 views

CVE-2018-11219

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking...

CVSS: 9.8 | AI score: 3.2 | EPSS: 0.07056
Exploits: 1 | References: 2