BlackSheep 注入漏洞

BlackSheep is an open source web application framework from Neoteroi. BlackSheep version 2.4.6 before the injection vulnerability , the vulnerability stems from the HTTP client-side implementation of the lack of header validation , which could lead to an attacker to modify the HTTP request or...

RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack

Impact An issue was found in RKE2 where an attacker with network access to RKE2 servers' supervisor port TCP 9345 can force the TLS server to add entries to the certificate's Subject Alternative Name SAN list, through a stuffing attack, until the certificate grows so large that it exceeds the...

CVE-2022-36364

Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via httpclientimpl connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary...

USN-5096-1: Linux kernel (OEM) vulnerabilities

Valentina Palmiotti discovered that the iouring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. CVE-2021-41073 Benedict Schlueter discovered that the BPF subsystem in the Linux kernel did not properly protect again...

CVE-2020-26244

CVE-2020-26244 affects Python oic (OpenID Connect) before version 1.2.1. The issues include: IdToken signature algorithm not always checked, JWA none allowed in all flows, oic.consumer.Consumer.parse_authz returning an unverified IdToken, and iat not checked for sanity. A fix is released in versi...

CVE-2017-10388

It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...

Debian DLA-2385-1 : linux-4.19 security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2019-3874 Kernel buffers allocated by the SCTP network protocol were not limited by the memory cgroup controller. A local user could potentially us...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4527-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4527-1 advisory. It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local...

Updated libx11 packages fix security vulnerability

The X Input Method XIM client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method CVE-2020-14344. The libx11 package has been updated to version 1.6.10 which fixes this...

EPoD: Ethereum Packet of Death (CVE-2018-12018)

PeckShield has so far discovered quite a few critical smart contract vulnerabilities. Besides smart contracts, the Ethereum ecosystem also includes other various components that are equally exposed to possible exploitation. Obviously, one such component is the core of Ethereum, i.e., the underlyi...

CentOS Update for java CESA-2018:0349 centos7

Check the version of java SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882845";...

Design/Logic Flaw

The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the 1 nsrd, 2 nsrexecd, and 3 portmap executable files, which allows local users to gain privileges via a Trojan horse file...

Critical: Red Hat Security Advisory: java-1.7.1-ibm security update

Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Update Protection against IBM Lotus Domino IMAP Server Buffer Overflow

IBM Lotus Domino Server is a collaboration software that provides mail, messaging, calendaring and scheduling capabilities across multiple OS platforms. The product implements numerous services based on open standards, including SMTP, IMAP, and POP3. Lotus Notes is the client implementation of th...