Teclib GLPI Competitive Conditions Issue Vulnerability

Teclib GLPI is an open source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, management processes and work log management. A competitive conditions issue vulnerability exists in Teclib GLPI versions...

Webargs mishandles concurrent JSON parsing

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

GHSA-8554-JXCW-454Q Webargs mishandles concurrent JSON parsing

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

Design/Logic Flaw

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

PYSEC-2019-139

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

CVE-2019-9710

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

UBUNTU-CVE-2019-9003

In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmimsghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop...

Service Provider guide on troubleshooting slow merge in Cloud Connect jobs

Challenge During synthetic operations, data processing is handled solely by a Cloud repository. This article provides troubleshooting recommendations which may help to correctly identify the cause of slowness, increase performance and shorten backup window. Solution 1 Storage performance The firs...

UBUNTU-CVE-2018-20743

murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service daemon hang or crash via a message flood...

DEBIAN-CVE-2018-20743

murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service daemon hang or crash via a message flood...

A Framework for Secure and Scalable Network Traffic Analysis: Netcap

The Netcap NETwork CAPture framework efficiently converts a stream of network packets into highly accessible type-safe structured data that represent specific protocols or custom abstractions. These audit records can be stored on disk or exchanged over the network, and are well suited as a data...

DEBIAN-CVE-2018-19364

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to for example a use-after-free outcome...

Information Disclosure

catalina is vulnerable to information disclosure attacks. The vulnerability exists as an instance-variable overwrite can occur when two requests in different threads are processed concurrently, causing information disclosure attacks...

SUSE-SU-2018:2787-1 Security update for the Linux Kernel (Live Patch 29 for SLE 12)

This update for the Linux Kernel 3.12.61-52106 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcpcollapseofoqueue and tcppruneofoqueue for every incoming TCP packet which can lead to a denial of service bsc1102682. - CVE-2018-10902...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2776-1)

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-13093: Prevent NULL pointer dereference and panic in lookupslow on a NULL inode-iops pointer when doing pathwalks on a corrupted xfs image. Th...

DNS Rebinding Attack Framework: Singularity

Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine’s IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...

DEBIAN-CVE-2018-10902

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc double free in sndrawmidiinputparams and sndrawmidioutputstatus which are part of sndrawmidiioctl handler in rawmidi.c file. A malicious local attacker could possibly use this f...

kernel: race condition in snd_seq_write() may lead to UAF or OOB-access

ALSA sequencer core initializes the event pool on demand by invoking sndseqpoolinit when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access...

kernel: race condition in snd_seq_write() may lead to UAF or OOB-access

ALSA sequencer core initializes the event pool on demand by invoking sndseqpoolinit when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access...

SUSE-SU-2018:1372-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2017-1000158: Fixed integer overflows in PyStringDecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution bsc1068664. - CVE-2018-1000030: Fixed crash inside the...