panic safety: double drop may happen within `util::{mutate, mutate2}`
Upon panic in a user-provided function f, fn mutate & fn mutate2 drop the same object twice. Affected versions of this crate did not guard against double drop while temporarily duplicating an object's ownership with ptr::read. Dropping the same object twice can result in memory corruption. The flaw was...
SUSE SLES15 Security Update : buildah (SUSE-SU-2020:3423-1)
This update for buildah fixes the following issues: buildah was updated to v1.17.0 (bsc1165184): Handle cases where other tools mount/unmount containers; overlay.MountReadOnly: support RO overlay mounts; overlay: use fusermount for rootless umounts; overlay: fix umount; Switch default log level of...
PYSEC-2020-131
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a DCHECK which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can...
Open-Xchange: Null pointer dereference in SMTP server function smtp_command_parse_data_with_size
Sending the following bytes to the SMTP server induces a NULL pointer dereference...
PHP Laravel Framework token Unserialize Remote Command Execution
This module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x <= 5.6.29. Remote Command...
ffmpeg/ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer: Index-out-of-bounds in vc1_decode_ac_coeff
Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=5648992869810176 Project: ffmpeg Fuzzer: libFuzzer_ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer Fuzz target binary: ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer Job Type: libfuzzer_ubsan_ffmpeg Platform Id: linux Crash Type:...
CVE-2019-3575
Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary Python code via the fixture_text argument in sqla_yaml_fixtures.load...
SUSE-SU-2018:3781-1 Security update for openssh
This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not...
kernel security and bug fix update
3.10.0-862.14.4.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-862.14.4 - scsi Revert: lpfc: Fix port initialization failure Radomir Vrbovsky...
Security Bulletin: A vulnerability in Open Source Apache Tomcat affects the IBM FlashSystem V840, (CVE-2014-0230)
Summary There is a vulnerability in Open Source Apache Tomcat that is used by the IBM FlashSystem V840 which allows remote attackers to cause a denial of service under certain scenarios. Vulnerability Details CVE-ID: CVE-2014-0230 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service,...
Security Bulletin: A vulnerability in Open Source Apache Tomcat affects the IBM FlashSystem V840, (CVE-2014-0227)
Summary There is a vulnerability in Open Source Apache Tomcat that is used by the IBM FlashSystem V840 which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service under error scenarios. Vulnerability Details CVE-ID: CVE-2014-0227 Description: Apache Tomcat...
Security Bulletin: A vulnerability in Open Source Apache Tomcat affects the IBM FlashSystem 900, (CVE-2014-0230)
Summary There is a vulnerability in Open Source Apache Tomcat that is used by the IBM FlashSystem 900 which allows remote attackers to cause a denial of service under certain scenarios. Vulnerability Details CVE-ID: CVE-2014-0230 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service,...
Security Bulletin: A vulnerability in Open Source OpenSSL affects the IBM FlashSystem 900 (CVE 2015-0286)
Summary There is a vulnerability in Open Source OpenSSL version that is used by the IBM FlashSystem 900. An exploit of this vulnerability could result in a denial of service. Vulnerability Details CVEID: CVE-2015-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error i...
Security Bulletin: A vulnerability in Open Source OpenSSL affects the IBM FlashSystem V9000 (CVE 2015-0286)
Summary There is a vulnerability in Open Source OpenSSL version that is used by the IBM FlashSystem V9000. An exploit of this vulnerability could result in a denial of service. Vulnerability Details CVEID: CVE-2015-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error...
Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840
Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability CVE-2017-5638 could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts could...
Security Bulletin: A Vulnerability in Apache Tomcat affects the IBM FlashSystem model V840
Summary There is a vulnerability in Apache Tomcat to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability CVE-2017-6056 could allow a remote attacker to wage a denial of service attack. Vulnerability Details CVEID: CVE-2017-6056 DESCRIPTION: Apache Tomcat is vulnerabl...
Security Bulletin: A vulnerability in OpenSSL affects the IBM FlashSystem model V9000 (CVE-2015-3194)
Summary There is a vulnerability in OpenSSL to which the IBM® FlashSystem™ V9000 is susceptible. An exploit of this vulnerability could cause the system to crash. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer...
Security Bulletin: A cross-site request forgery vulnerability affects the IBM FlashSystem model V9000 (CVE-2015-7446)
Summary There is a cross-site request forgery vulnerability to which the IBM® FlashSystem™ V9000 is susceptible. An exploit of this vulnerability could allow cross-site scripting attacks, Web cache poisoning, and other malicious activities. Vulnerability Details CVEID: CVE-2015-7446 DESCRIPTION:...
Security Bulletin: A vulnerability in Struts affects the IBM FlashSystem model V840 (CVE-2015-5209)
Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability could allow a remote attacker to gain unauthorized access to the system. Vulnerability Details CVEID: CVE-2015-5209 DESCRIPTION: Apache Struts could allow a remot...
Security Bulletin: A vulnerability in Network Security Services (NSS) affects the IBM FlashSystem model V840 (CVE-2015-2730)
Summary There is a vulnerability in Network Security Services (NSS) to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability could allow a remote attacker to forge signatures. Vulnerability Details CVEID: CVE-2015-2730 DESCRIPTION: Mozill...