Important: Red Hat Security Advisory: General availability of the satellite/iop-insights-engine-rhel9 container image

A new satellite/iop-insights-engine-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...

WordPress plugin Doofinder for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Nervos CKB P2P DoS Attacks

The P2P protocols lack of rate limit. For example, in relay protocol, when a node receives a broadcasted txhashes, it will mark it in memory to avoid duplicated requests. code → . It is easy to establish a DoS attach by generating random tx hashes. Impact It affects all nodes connected to the P2P...

CVE-2019-5102

An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by...

CVE-2018-1000635

The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains a Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an Attacker gaining full administrative access to server and may be able to disable it. This vulnerability appears to have been...

Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1654)

Summary The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale that could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. Vulnerability Details CVEID:...

Out-of-bounds

The Quagga BGP daemon bgpd prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash...

Design/Logic Flaw

The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of this violation is no...