9164 matches found
MongoDB 3.4.x < 3.4.10 / 3.5.x < 3.6.0-rc0 mongod
The version of the remote MongoDB server is 3.4.x prior to 3.4.10 / 3.5.x prior to 3.6.0-rc0. It is, therefore, affected by a denial of service vulnerability in mongod networkMessageCompressors due to an implementation error. A remote, unauthenticated attacker can exploit this, to cause a denial ...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors STIBP support. Note that STIBP also requires the functionality be supported by the...
CVE-2019-5754
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy...
Information disclosure
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy...
CVE-2019-5754
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy...
CVE-2019-5754
CVE-2019-5754 affects Google Chrome’s QUIC networking implementation. Root cause: an implementation error in QUIC networking prior to version 72.0.3626.81. Consequence: an attacker who can cause the use of a proxy server can obtain cleartext of the transport encryption via a malicious network pro...
CVE-2019-5754
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy...
CVE-2019-5754
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy...
SUSE-SU-2019:0427-1 Security update for kernel-firmware
This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange bsc1104301...
SUSE SLES11 Security Update : kvm (SUSE-SU-2019:13962-1)
This update for kvm fixes the following issues : Security issues fixed : CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation bsc1123156. CVE-2018-19489: Fixed a denial of service vulnerability in virtfs bsc1117275. CVE-2018-19364: Fixed a use-after-free if the...
Debian DSA-4395-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-17481 A use-after-free issue was discovered in the pdfium library. - CVE-2019-5754 Klzgrad discovered an error in the QUIC networking implementation. - CVE-2019-5755 Jay Bosamiya discovered an implementation erro...
OPENSUSE-SU-2019:0206-1 Security update for chromium
This update for Chromium to version 72.0.3626.96 fixes the following issues: Security issues fixed bsc1123641 and bsc1124936: - CVE-2019-5784: Inappropriate implementation in V8 - CVE-2019-5754: Inappropriate implementation in QUIC Networking. - CVE-2019-5782: Inappropriate implementation in V8. ...
[SECURITY] Fedora 29 Update: python-markdown2-2.3.7-1.fc29
Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...
[SECURITY] Fedora 28 Update: python-markdown2-2.3.7-1.fc28
Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...
CVE-2018-20164
An issue was discovered in regex.yaml aka regexes.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service ReDoS issue allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to a value containing a long digit string. The UAP-Core...
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow
''' ======================================================== Unauthenticated Stack Overflow in Multiple Gpon Devices ======================================================== . contents:: Table Of Content Overview ======== Title:- StackOverflow in Multiple Skyworth GPON HomeGateways and Optical...
Fixed in Apache Tomcat 8.5.38
Important: Denial of Service CVE-2019-0199 The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3871-5)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3871-5 advisory. Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An...
Ubuntu: Security Advisory (USN-3871-5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3878-2: Linux kernel (Azure) vulnerabilities
It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information host machine kernel memory. CVE-2018-14625 Cfir...