2594 matches found
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation / Google software updater ships with Chrome on MacOS and installs a root service com.google.Keystone.Daemon.UpdateEngine which lives here:...
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
/ Google software updater ships with Chrome on MacOS and installs a root service com.google.Keystone.Daemon.UpdateEngine which lives here: /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdateDaemon This service vends a Distributed Object which expos...
[SECURITY] Fedora 27 Update: ceph-12.2.4-1.fc27
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage...
Ubuntu 14.04 LTS / 16.04 LTS : Memcached vulnerabilities (USN-3588-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3588-1 advisory. Daniel Shapira discovered an integer overflow issue in Memcached. A remote attacker could use this to cause a denial of service daemon crash...
Stellar.org: It's possible to put SDX orderbook into invalid state and execute trades at arbitrary price
stellar-core improperly handles creation of a buy offer which crosses existing sell offers immediate execution but can only be filled partially due to a trustline limit on the source account. This makes it possible to create a valid offer to buy any custom asset at higher price than existing sell...
Cisco Virtualized Packet Core-Distributed Instance Software Denial of Service Vulnerability
Cisco Virtualized Packet Core-Distributed Instance VPC-DI Software is a productized version of Cisco's StarOS software that is deployed on a dedicated hardware platform.The Cisco StarOS operating The Cisco StarOS operating system is one of the virtualization operating systems. A denial of service...
Apache JMeter Remote Command Execution Vulnerability
Apache Jmeter is an open source Java application designed to test functional behavior and measure performance for load ... Apache JMeter suffers from a remote command execution vulnerability in distributed mode using an insecure RMI connection, which can be exploited by an attacker to execute...
Apache JMeter uses an unsecure RMI connection in Distributed mode
Severity: Important Vendor: The Apache Software Foundation Versions Affected: JMeter 2.X, 3.X Description 0: When using Distributed Test only RMI based, jmeter uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. This only affect...
Design/Logic Flaw
In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...
DEBIAN-CVE-2018-1287
In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...
UBUNTU-CVE-2018-1287
In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...
Remote Code Execution (RCE)
Apache JMeter is vulnerable to remote code execution RCE attacks. The application uses an insecure RMI connection when conducting distributed tests, allowing a malicious user to inject and execute arbitrary code through serialized objects...
Code injection
When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...
UBUNTU-CVE-2018-1297
When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...
DEBIAN-CVE-2018-1297
When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...
CVE-2018-0117
A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance VPC-DI Software could allow an unauthenticated, remote attacker to cause both control function CF instances on an affected system to reload, resulting in a denial of service Do...
CVE-2018-0117
A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance VPC-DI Software could allow an unauthenticated, remote attacker to cause both control function CF instances on an affected system to reload, resulting in a denial of service Do...
CVE-2018-0117
A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance VPC-DI Software could allow an unauthenticated, remote attacker to cause both control function CF instances on an affected system to reload, resulting in a denial of service Do...
CVE-2018-0117
A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance VPC-DI Software could allow an unauthenticated, remote attacker to cause both control function CF instances on an affected system to reload, resulting in a denial of service Do...
[SECURITY] Fedora 27 Update: nodejs-8.9.3-2.fc27
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...