XNU Kernel - Heap Overflow Due to Bad Bounds Checking in MPTCP

mptcpusrconnectx is the handler for the connectx syscall for the APMULTIPATH socket family. The logic of this function fails to correctly handle source and destination sockaddrs which aren't AFINET or AFINET6: // verify salen for AFINET: if dst-safamily == AFINET && dst-salen !=...

PT-2020-15266 · Stepmania Team +2 · Stepmania +2

Name of the Vulnerable Software and Affected Versions: libvorbis versions prior to 1.3.6 StepMania version 5.0.12 Description: The issue is related to insufficient array bounds checking in libvorbis, which can be exploited via a crafted OGG file. This affects products using libvorbis, including...

Error shown on the WEM Agents: "An error occurred while building your environment. Agent processing will now stop."

Following error is shown on the right lower corner of the screen on the WEM Agentsevery time the VUEMUIAgent is launched or refreshed: Event Viewer on the WEM Agents reports the following error under Norskale Agent Service when the issue occurs: The "WEM Agent Session Log" shows the following...

Windows Defender Firewall: Prohibit notifications

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winadvsecprofilenotification.nasl 10010 2018-05-29 14:43:35Z emoss $ Check value for Windows Defender Firewall: Prohibit notifications Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

CVE-2018-1459

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210...

Stack overflow

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210...

CVE-2018-1459

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210...

CVE-2018-1459

CVE-2018-1459 affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1. The vulnerability is a stack-based buffer overflow caused by improper bounds checking, which could allow an attacker to execute arbitrary code locally. The NVD entry lists a CVSSv3 ...

Deserialization of untrusted data

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...

Fedora 26 : webkitgtk4 (2018-6a9fea1b3a)

This update addresses the following vulnerabilities : - CVE-2018-4200 Additional fixes : - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. - Properly close the connection to the nested wayland compositor in the Web Process. - Avoid paintin...

Fedora 27 : webkitgtk4 (2018-93ba62d099)

This update addresses the following vulnerabilities : - CVE-2018-4200 Additional fixes : - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. - Properly close the connection to the nested wayland compositor in the Web Process. - Avoid paintin...

Cisco 5500 and 8500 Series Wireless LAN Controller Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

Important: pcs

Issue Overview: Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use...

CVE-2018-0238

CVE-2018-0238 affects Cisco UCS Director; an attacker can log in with a modified username and valid password to gain visibility into and perform actions on any VM in the end-user portal. Root cause: improper user authentication checks in role-based resource checking; impact includes information d...

CVE-2018-0238

A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System UCS Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user portal and perform any permitted operations on a...

Buffer overflow

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, a...

Akamai and Duo have announced a technology partnership for Zero Trust

Akamai continues to build a zero trust ecosystem by integrating it's Enterprise Application Access EAA with Duo's Multi-Factor Authentication MFA solution. Duo now natively integrates into EAA and augments access with push-based MFA, phone call delivery of MFA tokens, and additional device level...

Libsodium - A Modern, Portable, Easy To Use Crypto Library

Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all o...

The vulnerability of the libavc library in the Media Framework component of the Android operating system allows a hacker to trigger a service failure.

The vulnerability of the libavc library used in the Media Framework of the Android operating system is related to insufficient state checking. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

The vulnerability of the aac library component of the Media Framework operating system in Android, which allows a hacker to trigger a service failure

The vulnerability of the aac library component of the Media Framework operating system in Android is related to insufficient state checking. Exploiting this vulnerability can allow an attacker to cause service failures remotely...