CVE-2018-9547

CVE-2018-9547 impacts Android 8.1 and 9, specifically the GraphicBuffer.cpp unflatten path. Description: a bad file descriptor close due to insufficient input validation could allow local escalation of privilege in the system server, with no user interaction required. The issue affects the Androi...

Inspiring Gender Diversity at Women of the Channel Leadership Summit

At Trend Micro we’re proud to be walking the talk on gender diversity — from our co-founder and CEO, Eva Chen, all the way down. It’s always been a keen part of our corporate culture, from the very beginning 30 years ago. But we also realize that there’s still a major diversity challenge facing t...

Closing the Gap: An Exciting Initiative to Drive More Gender Diversity in Tech

We all know there’s a global IT skills crisis. In cybersecurity things are even worse, with a shortfall of nearly three million roles estimated today — 500,000 of which are in North America. Today women comprise just 24% of the workforce yet half of the global population. Why is this? Women were...

CVE-2018-1786

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSEWAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871...

Haxx curl resource management error vulnerability

Haxx curl is a set of file transfer tools from the Swedish company Haxx that utilize URL syntax to work at the command line. The tool supports file uploads and downloads and includes a libcurl client-side URL transfer library for program development. A resource management error vulnerability in t...

DEBIAN-CVE-2018-16840

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curlclose function, the library code first frees a struct without nulling the pointer and might then subsequently...

Security fix for the ALT Linux 8 package curl version 7.62.0-alt1

Oct. 31, 2018 Anton Farygin 7.62.0-alt1 - 7.62.0 - fixes: CVE-2018-16839 - buffer overrun in the SASL authentication code. CVE-2018-16840 - use-after-free in handle close CVE-2018-16842 - warning message out-of-buffer read...

UBUNTU-CVE-2018-16840

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curlclose function, the library code first frees a struct without nulling the pointer and might then subsequently...

kernel: NULL pointer dereference if close and fchownat system calls share a socket file descriptor

A NULL pointer dereference issue was found in the Linux kernel. If the close and fchownat system calls share a socket file descriptor as an argument, then the two calls can race and trigger a NULL pointer dereference leading to a system crash and a denial of service...

GHSA-3X7H-5HFR-HVJM Moderate severity vulnerability that affects io.undertow:undertow-core

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

June 27, 2017—KB4032693 (OS Build 10586.965)

June 27, 2017—KB4032693 OS Build 10586.965 Improvements and fixes This non-security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed an issue introduced by KB4022714 where Internet Explorer and Microsoft Edg...

Linux/x86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes)

/ Title: Linux/86 - File Modification/etc/hosts Polymorphic Shellcode 99 bytes Author: Ray Doyle @doylersec Tested on: Linux/x86 gcc -o polyhostsshellcode -z execstack -fno-stack-protector polyhostsshellcode.c / / Disassembly of section .text: 08048060 : 8048060: 29 c9 sub ecx,ecx 8048062: 51 pus...

UBUNTU-CVE-2018-1114

It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...

CVE-2018-14625

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect and close function may allow an attacker using the AFVSOCK protocol to gather a 4 byte information leak or possibly intercept o...

UBUNTU-CVE-2017-2670

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

DEBIAN-CVE-2017-2670

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

CVE-2017-2670

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

CVE-2017-2670

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

Amazon Linux AMI : kernel (ALAS-2018-1044)

A NULL pointer dereference issue was found in the Linux kernel. If the close and fchownat system calls share a socket file descriptor as an argument, then the two calls can race and trigger a NULL pointer dereference leading to a system crash and a denial of service.CVE-2018-12232 C Tenable Netwo...

CVE-2018-12232

A NULL pointer dereference issue was found in the Linux kernel. If the close and fchownat system calls share a socket file descriptor as an argument, then the two calls can race and trigger a NULL pointer dereference leading to a system crash and a denial of service...