7704 matches found
CVE-2019-4523
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481...
Buffer overflow
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481...
CVE-2019-4523
CVE-2019-4523 affects IBM DB2 High Performance Unload load for LUW 6.1 and 6.5. Root cause: a buffer overflow due to improper bounds checking, enabling a local user to run code with root privileges. IBM bulletin shows fixes: Interim Fixes 6.1.0.3.6 (for 6.1) and 6.5.0.0.1 (for 6.5); follow remedi...
Infogram: LFI through the MySQL connection
Hello team! I've found a way to read Infogram's server local files through the MySQL connection. The problem is that you're using the LOAD DATA LOCAL feature with your MySQL client. This how an attacker can easily send server's local files to her/his database. I've successfully readed the...
All Resolvers Aren't Equal - Don't Worry, GTM is Aware
What is GTM Global Traffic Management, or GTM, is a DNS-based load balancing service that offers application owners a level of flexibility and insight that is unmatched by traditional on-prem solutions. Highly scalable and fault-resilient, GTM offers customers a layer of abstraction between...
UAC-A-Mola - Tool That Allows Security Researchers To Investigate New UAC Bypasses, In Addition To Detecting And Exploiting Known Bypasses
UAC-A-Mola is a tool that allows security researchers to investigate new UAC bypasses, in addition to detecting and exploiting known bypasses. UAC-A-mola has modules to carry out the protection and mitigation of UAC bypasses. The strong point of uac-a-mola is that it was created so that other...
PT-2019-15192 · Libvips +1 · Libvips +1
Name of the Vulnerable Software and Affected Versions: libvips versions prior to 8.8.2 Description: The issue arises from the vips foreign load gif scan image function in foreign/gifload.c trying to access a color map before the DGifGetImageDesc call, resulting in a use-after-free. Recommendation...
Unbreakable Enterprise kernel security update
4.14.35-1902.6.6 - RDMA/restrack: Protect from reentry to resource return path Leon Romanovsky Orabug: 30388717 4.14.35-1902.6.5 - hvnetvsc: fix vf serial matching with pci slot info Haiyang Zhang Orabug: 30373111 - rds: Use correct conn when dropping connections due to cancel Hakon Bugge Orabug:...
USN-4153-1: Octavia vulnerability
Daniel Preussker discovered that Octavia incorrectly handled client certificate checking. A remote attacker on the management network could possibly use this issue to perform configuration changes and obtain sensitive information...
CVE-2018-21008
A use-after-free flaw was found in the Linux kernel's Redpine Signals driver implementation. A local attacker who is able force a module load rsisdio or usb plug/unplug could cause a system crash or memory corruption leading to privilege escalation. The highest threat from this vulnerability is t...
[SECURITY] Fedora 29 Update: memcached-1.5.14-2.fc29
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load...
[SECURITY] Fedora 31 Update: memcached-1.5.17-1.fc31
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load...
Design/Logic Flaw
A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load f...
CVE-2019-12698 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN CPU Denial of Service Vulnerability
A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load f...
PT-2019-3822 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: The issue is related to the WebVPN feature of the software, which is...
HTTP/2: large amount of data requests leads to denial of service
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
nodejs: Denial of Service with large HTTP headers
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to cause the HTTP...
WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads Exploit
VULNERABILITY DETAILS void DocumentWriter::replaceDocumentconst String& source, Document ownerDocument ... beginmframe-document-url, true, ownerDocument; // 1 // begin might fire an unload event, which will result in a situation where no new document has been attached, // and the old document has...
CVE-2019-11747
The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security HSTS settings received from sites that use it. Due to a bug, sites on the pre-load list also have...
CVE-2015-9415
Vulnerability context: The BJ Lazy Load plugin for WordPress (versions before 1.0) has a Remote File Inclusion (RFI) vulnerability via TimThumb. The connected nuclei template explicitly notes RFI through TimThumb in BJ Lazy Load