Omise: SSRF in webhooks leads to AWS private keys disclosure

Vulnerability Summary Omise makes use of Amazon AWS as their application environment. Due to a vulnerability in the way webhooks are implemented, an attacker can make arbitrary HTTP/HTTPS requests from the application server and read their responses. This is known as a server-side request forgery...

Denial Of Service (DoS)

qpid-broker-core is vulnerable to denial of service DoS attacks. The vulnerability exists as the message store did not handle messages properly, allowing malformed messages to crash the broker instance...

GHSA-7R8M-45GC-M2C8 Downloads Resources over HTTP in mongodb-instance

Affected versions of mongodb-instance insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

Downloads Resources over HTTP in mongodb-instance

Affected versions of mongodb-instance insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

Microsoft Azure Cloud Instance Detection

Binary data 700395.prm...

Google Compute Cloud Instance Detection

Binary data 700396.prm...

Amazon EC2 Instance Detection

Binary data 700394.prm...

Denial Of Service (DoS)

qemu-kvm-rhev is vulnerable to denial of service DoS attacks. The vulnerability exists as the addressspacewritecontinue function in exec.c in QEMU aka Quick Emulator allows local guest OS privileged users to cause a denial of service out-of-bounds access and guest instance crash by leveraging use...

Arbitrary File Write

jbossweb is vulnerable to arbitrary file write attacks. The vulnerability exists as the readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to...

Information Disclosure

openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists as an interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive...

Information Disclosure

openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists in the instance rescue mode in OpenStack Compute Nova 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and usecowimages is set to false, allows remote authenticated users ...

CVE-2018-0484

A vulnerability in the access control logic of the Secure Shell SSH server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding VRF instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a...

Design/Logic Flaw

A vulnerability in the access control logic of the Secure Shell SSH server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding VRF instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a...

Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability

A vulnerability in the access control logic of the Secure Shell SSH server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding VRF instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a...

GHSA-4Q69-Q4Q7-X82C rendertron can remotely shut down Chrome instance

Rendertron 1.0.0 includes an ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application...

rendertron can remotely shut down Chrome instance

Rendertron 1.0.0 includes an ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application...

ALPINE-CVE-2018-20194

There is a stack-based buffer underflow in the third instance of the calculategain function in libfaad/sbrhfadj.c in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy...

CVE-2017-18353

Rendertron 1.0.0 includes an ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application...

CVE-2017-18353

Rendertron 1.0.0 includes an ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application...

Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty affects IBM WebSphere Application Server in IBM Cloud (CVE-2018-1851)

Summary There is a potential code execution vulnerability in OpenID connect in WebSphere Application Server Liberty. Vulnerability Details CVEID: CVE-2018-1851 DESCRIPTION: IBM WebSphere Application Server OpenID Connect could allow a remote attacker to execute arbitrary code on the system, cause...