9165 matches found
MGASA-2019-0260 Updated tomcat packages fix security vulnerabilities
Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet...
Security update for go1.12 (moderate)
openSUSE Security Update: Security update for go1.12 Announcement ID: openSUSE-SU-2019:2085-1 Rating: moderate References: 1139210 1141689 1146111 1146115 1146123 Cross-References: CVE-2019-14809 CVE-2019-9512 CVE-2019-9514 Affected Products: openSUSE Leap 15.1 An update that solves three...
SUSE SLES15 Security Update : nginx (SUSE-SU-2019:2309-1) (0-Length Headers Leak) (Data Dribble) (Resource Loop)
This update for nginx fixes the following issues : Security issues fixed : CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization bsc1145579. CVE-2019-9513: Fixed a denial of service caused by resource loops bsc1145580. CVE-2019-9516: Fixed a denial of...
CVE-2019-12586
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service crash via a crafted message...
Design/Logic Flaw
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service crash via a crafted message...
CVE-2019-12586
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service crash via a crafted message...
CVE-2019-12587
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key PMK after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames v...
CVE-2019-12588
The client 802.11 mac implementation in Espressif ESP8266NONOSSDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service crash via a crafted...
CVE-2019-12587
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266NONOSSDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key PMK after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames v...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel (AWS) vulnerabilities (USN-4118-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4118-1 advisory. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could...
CVE-2019-15847
The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...
USN-4118-1: Linux kernel (AWS) vulnerabilities
It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. CVE-2018-13053 Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...
USN-4117-1: Linux kernel (AWS) vulnerabilities
It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2019-10126 Amit Klein and Benny Pinkas discovered that the Linux kerne...
Cisco NX-OS Software Arbitrary File Overwrite Vulnerability
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software. An authenticated, local attacker can exploit the vulnerability to overwrite any file on the file system...
Tableau Code Issues Vulnerabilities
Tableau is a very easy to get started with the data analysis software, just import data through a simple point and click, mouse drag and drop to generate reports. There is a code issue vulnerability in Tableau. The vulnerability arises from a design or implementation problem in the code developme...
CVE-2019-15702
In the TCP implementation gnrctcp in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transportlayer/tcp/gnrctcpoption.c has an infinite loop for an unknown zero-length option...
GHSA-4Q98-WR72-H35W Improper input validation in Apache Santuario XML Security for Java
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
CVE-2019-15702
CVE-2019-15702 affects RIOT OS GNRC TCP: the TCP options parser (gnrc_tcp_option.c) does not terminate on all inputs, causing an infinite loop for an unknown zero-length option and leading to denial-of-service in RIOT implementations up to 2019.07. The issue is a logic error in parsing TCP option...
Webmin Code Issue Vulnerability
Webmin is a set of Web-based system management tools for Unix-like operating systems. Webmin is vulnerable to a code issue. The vulnerability arises from an improper design or implementation during code development of a Web system or product. No details of the vulnerability are available at this...
CVE-2018-20991
An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free...