Lucene search
7704 matches found

EUVD
added 2019/09/25 11:31 p.m. · 3 views

EUVD-2015-9255

The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...

CVSS 7.5 · AI score 7.7 · EPSS 0.16698
Exploits 1 · References 2

Cvelist
added 2019/09/25 11:31 p.m. · 20 views

CVE-2015-9415

The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...

AI score 7.7 · EPSS 0.16698
Exploits 1 · References 2

Wallarm Lab
added 2019/09/25 12:20 a.m. · 11 views

Autoscaling Wallarm Nodes in AWS, GCP, and Azure

Newly updated Wallarm Node images now natively support autoscaling capabilities in AWS, GCP, and Azure. Updated images are already available in cloud provider marketplaces and can rely on the native auto-scaling to adjust the number of nodes based on traffic, CPU load, and other parameters. What ...

AI score 2
Exploits 0

CNVD
added 2019/09/25 12:0 a.m. · 1 views

WordPress bj-lazy-load plugin remote file inclusion vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. bj-lazy-load is a page content delayed loading plugin used in it. A remote file inclusion vulnerability exists in versions of the...

CVSS 7.5 · AI score 6.8 · EPSS 0.16698
Exploits 1 · References 1

Prion
added 2019/09/24 7:15 p.m. · 20 views

Improper access control

On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC), a software IP protection method for execute-only access, can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register...

CVSS 4.6 · AI score 6.6 · EPSS 0.00065
Exploits 1 · References 2

Tenable Nessus
added 2019/09/24 12:0 a.m. · 35 views

EulerOS 2.0 SP3 : perl (EulerOS-SA-2019-2035)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial o...

CVSS 7.8 · AI score 7.8 · EPSS 0.1399
Exploits 1 · References 3

RedHat Linux
added 2019/09/19 7:37 a.m. · 1 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

CVSS 7.8 · AI score 7.2 · EPSS 0.13725
Exploits 0 · References 8

CNVD
added 2019/09/18 12:0 a.m. · 1 views

Corel PaintShop Pro 2020 suffers from dll hijacking vulnerability

Corel is a manufacturer specializing in digital multimedia applications. Corel PaintShop Pro 2020 suffers from a dll hijacking vulnerability. An attacker can exploit the vulnerability to load a malicious dll and execute malicious code...

AI score 7.1
Exploits 0

CNVD
added 2019/09/17 12:0 a.m. · 2 views

ffjpeg Buffer Overflow Vulnerability

ffjpeg is a simple jpeg encoding and decoding implementation. A buffer overflow vulnerability exists in jfif_load in jfif.c in ffjpeg versions prior to 2019-08-21, which can be exploited by an attacker to cause a buffer overflow or heap overflow, among other things...

CVSS 6.5 · AI score 7.3 · EPSS 0.00397
Exploits 1 · References 1

OSV
added 2019/09/16 1:15 p.m. · 1 views

CVE-2019-16352

ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load at jfif.c...

CVSS 6.5 · AI score 6.9
Exploits 0 · References 1

Positive Technologies
added 2019/09/16 12:0 a.m. · 2 views

PT-2019-14642 · FFmpeg · Ffjpeg

Name of the Vulnerable Software and Affected Versions: ffjpeg versions prior to 2019-08-21. Description: The issue is a heap-based buffer overflow in the jfif_load function at jfif.c. Recommendations: For versions prior to 2019-08-21, update to a version released after 2019-08-21 to resolve the...

CVSS 6.5 · AI score 6.8 · EPSS 0.00397
Exploits 1 · References 2

Fedora
added 2019/09/14 1:54 a.m. · 35 views

[SECURITY] Fedora 29 Update: bind-dyndb-ldap-11.1-19.fc29

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...

CVSS 5.9 · AI score 1.9 · EPSS 0.0139
Exploits 0

Hacker One
added 2019/09/13 2:58 p.m. · 366 views

OLX: load scripts DOS vulnerability

1. Vulnerability description: WordPress allows users to load multiple JS files and CSS files through load-scripts.php files at once. For example, https://wpwebsite.com/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-ui-core,editor&ver=4.9.1, file load-scripts.php will load jquery-ui-core and editor...

CVSS 5 · AI score 0.1 · EPSS 0.87475
Exploits 11

RedHat Linux
added 2019/09/13 8:40 a.m. · 2 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

CVSS 7.8 · AI score 7.2 · EPSS 0.13725
Exploits 0 · References 8

Oracle linux
added 2019/09/13 12:0 a.m. · 111 views

edk2 security update

1:1.2-5.el7 - Update spec file to remove 'modprobe kvm-intel' and remove --enable-kvm arg to ovmfvarsgenerator so qemu will not require kvm kernel module. Aaron Young - Update spec file to modprobe kvmintel module prior to running qemu to enroll default keys. Aaron Young - Enroll Oracle cert/key...

CVSS 9.1 · AI score 1.6 · EPSS 0.9427
Exploits 11

OSV
added 2019/09/11 2:15 p.m. · 1 views

CVE-2019-14997

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information exposure through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN...

CVSS 4.3 · AI score 5.8 · EPSS 0.00204
Exploits 0 · References 1

Prion
added 2019/09/11 2:15 p.m. · 15 views

Authentication flaw

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information exposure through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN...

CVSS 4.3 · AI score 4.5 · EPSS 0.00204
Exploits 0 · References 1 · Affected Software 1

CVE
added 2019/09/11 1:56 p.m. · 75 views

CVE-2019-14997

CVE-2019-14997 affects Jira AccessLogFilter, enabling remote anonymous attackers to learn details about other users (including usernames) via an information disclosure through caching when Jira is behind a reverse proxy/load balancer with caching or a CDN. Affected software is Jira before version...

CVSS 4.3 · AI score 4.7 · EPSS 0.00204
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2019/09/11 12:0 a.m. · 1 views

PT-2019-14599 · Intel +2 · Opencv +2

Name of the Vulnerable Software and Affected Versions: OpenCV version 4.1.1. Description: The issue is related to an out-of-bounds read in the hal_baseline::v_load function located in core/hal/intrin_sse.hpp, which is called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp. Recommendation...

CVSS 7.5 · AI score 6.3 · EPSS 0.00167
Exploits 2 · References 26

Hacker One
added 2019/09/07 11:48 p.m. · 255 views

FormAssembly: scripts loader DOS vulnerability

1. Vulnerability description: WordPress allows users to load multiple JS files and CSS files through load-scripts.php files at once. For example, https://wpwebsite.com/wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-ui-core,editor&ver=4.9.1, file load-scripts.php will load jquery-ui-core and editor...

CVSS 5 · AI score 0.1 · EPSS 0.87475
Exploits 11