Lucene search

1154 matches found

SUSE CVE
added 2023/02/15 4:23 a.m. · 1 views

SUSE CVE-2018-16888

It was discovered that systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this fl...

CVSS 5 · AI score 6.7 · EPSS 0.00158
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 4:20 a.m. · 1 views

SUSE CVE-2018-1000200

The Linux Kernel versions 4.14, 4.15, and 4.16 have a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas. This can happen...

CVSS 5.5 · AI score 6.9 · EPSS 0.00084
Exploits 0 · References 6

SUSE CVE
added 2023/02/15 4:19 a.m. · 1 views

SUSE CVE-2019-2389

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11;...

CVSS 5.3 · AI score 5.1 · EPSS 0.0012
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:6 a.m. · 0 views

SUSE CVE-2019-18680

An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0...

CVSS 7.5 · AI score 7.9 · EPSS 0.01696
Exploits 1 · References 8

Github Security Blog
added 2023/02/14 9:31 p.m. · 26 views

MultipartParser denial of service with too many fields or files

Impact: The MultipartParser using the package python-multipart accepts an unlimited number of multipart parts (form fields or files). Processing too many parts results in high CPU usage and high memory usage, eventually leading to an OOM process kill. This can be triggered by sending too many small...

CVSS 7.5 · AI score 0.5 · EPSS 0.0196
Exploits 0 · References 6 · Affected Software 1

OSV
added 2023/02/02 10:15 a.m. · 0 views

CVE-2022-43665

A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing the target process. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 5.5 · AI score 5.8 · EPSS 0.00131
Exploits 1 · References 2

Positive Technologies
added 2023/01/17 12:0 a.m. · 1 views

PT-2023-33693 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16. Description: The issue is related to the sk stream kill queues function, where the sk error queue is not properly purged. This could potentially lead to security vulnerabilities, although the actual impa...

AI score 7.2
Exploits 0 · References 1

Prion
added 2023/01/02 6:15 p.m. · 10 views

SQL injection

A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to SQL injection. The patch is named cd11cf174f361c98e9b1b4c281aa7b77f46b5078. It is recommended to apply a patch...

CVSS 5.2 · AI score 8 · EPSS 0.00297
Exploits 0 · References 3 · Affected Software 1

CVE
added 2023/01/02 5:13 p.m. · 66 views

CVE-2014-125037

CVE-2014-125037 affects the License to Kill project, specifically the models/injury.rb component. The issue arises from manipulation of the name argument, resulting in an SQL injection vulnerability. A patch identified as cd11cf174f361c98e9b1b4c281aa7b77f46b5078 is available, with recommendations...

CVSS 9.8 · AI score 7.9 · EPSS 0.00297
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2023/01/02 12:0 a.m. · 2 views

License To Kill SQL injection vulnerability

License To Kill is a database project by Eliza Brock Marcum, an individual developer. License To Kill suffers from an SQL injection vulnerability that stems from an incorrect manipulation of the parameter name resulting in sql injection...

CVSS 9.8 · AI score 6.6 · EPSS 0.00297
Exploits 0 · References 4

Positive Technologies
added 2023/01/02 12:0 a.m. · 2 views

PT-2023-10107 · Unknown · License To Kill

Name of the Vulnerable Software and Affected Versions: License to Kill (affected versions not specified). Description: A critical issue was found in License to Kill, affecting an unknown part of the file models/injury.rb. The manipulation of the name argument leads to SQL injection. Recommendations:...

CVSS 9.8 · AI score 6.3 · EPSS 0.00297
Exploits 0 · References 6

Qualys Blog
added 2022/12/01 7:25 a.m. · 16 views

Effective Vulnerability Management with Stakeholder Specific Vulnerability Categorization (SSVC) and Qualys TruRisk

Security stakeholders across the globe have long relied on the Common Vulnerability Scoring System (CVSS) to prioritize vulnerabilities and assess their risk posture. The reason why the CVSS has become the standard for many security and vulnerability management teams alike is that this method is ea...

AI score 0.1
Exploits 0

The Hacker News
added 2022/11/16 1:4 p.m. · 24 views

Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data

Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. "Leaking PII in this manner provides a potential treasure trove for threat actors – either during the...

AI score 7.3
Exploits 0

Kitploit
added 2022/11/15 11:30 a.m. · 32 views

Dismember - Scan Memory For Secrets And More

Dismember is a command-line toolkit for Linux that can be used to scan the memory of all processes or particular ones for common secrets and custom regular expressions, among other things. It will eventually become a full /proc toolkit. Using the grep command, it can match a regular expression...

AI score 7.1
Exploits 0 · References 2

RedHat Linux
added 2022/11/08 11:35 a.m. · 167 views

Low: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.1 · AI score 6.7 · EPSS 0.00087
Exploits 2 · References 21

CNNVD
added 2022/10/24 12:0 a.m. · 1 views

Lanner IAC-AST2500A security vulnerability

The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A security vulnerability exists in the Lanner IAC-AST2500A version 1.00.0, which stems from...

CVSS 7.5 · AI score 7.7 · EPSS 0.00237
Exploits 0 · References 5

The Hacker News
added 2022/09/21 5:20 a.m. · 34 views

Product Explained: Stellar Cyber Open XDR Platform

Almost every vendor, from email gateway companies to developers of threat intelligence platforms, is positioning themselves as an XDR player. But unfortunately, the noise around XDR makes it harder for buyers to find solutions that might be right for them or, more importantly, avoid ones that don...

AI score 0.1
Exploits 0

ATTACKERKB
added 2022/09/13 3:15 p.m. · 1 views

CVE-2022-38542

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the killsession interface. The project has released an update, please upgrade to v1.9.0 and above...

CVSS 9.8 · AI score 5.8 · EPSS 0.00322
Exploits 0 · References 4

ATTACKERKB
added 2022/09/13 3:15 p.m. · 1 views

CVE-2022-38540

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the createkillsession interface...

CVSS 9.8 · AI score 5.8 · EPSS 0.00322
Exploits 0 · References 4

Prion
added 2022/09/13 3:15 p.m. · 11 views

SQL injection

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the killsession interface. The project has released an update, please upgrade to v1.9.0 and above...

CVSS 7.5 · AI score 9.7 · EPSS 0.00322
Exploits 0 · References 3 · Affected Software 1