MariaDB: scripts loader (denial of service) vulnerability

1 vulnerability description WordPress allows users to load multiple JS files and CSS files through load-scripts.php files at once. For example, https://wpwebsite.com/wp-admin/load-scripts.php?c=1&load=jquery-ui-core,editor&ver=4.9.1, file load-scripts.php will load jquery-ui-core and editor files...

The vulnerability of the Load Testing component in the Oracle Application Testing Suite, which is used for testing web applications, web services, and databases, allows a hacker to gain access to protected information, alter file access rights, or cause partial service disruption.

The vulnerability of the Load Testing component in the Oracle Application Testing Suite, which is used for testing web applications, web services, and databases, relates to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to gain access to protected...

CVE-2019-11747

The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security HSTS settings received from sites that use it. Due to a bug, sites on the pre-load list also have...

CVE-2019-11747

The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security HSTS settings received from sites that use it. Due to a bug, sites on the pre-load list also have...

openSUSE Security Update : podman / slirp4netns and libcontainers-common (openSUSE-2019-2044)

This is a version update for podman to version 1.4.4 bsc1143386. Additional changes by SUSE on top : - Remove fuse-overlayfs because it's currently an unsatisfied dependency on SLE bsc1143386 - Update libpod.conf to use correct infracommand - Update libpod.conf to use better versioned pause...

Security update for podman, slirp4netns and libcontainers-common (moderate)

openSUSE Security Update: Security update for podman, slirp4netns and libcontainers-common Announcement ID: openSUSE-SU-2019:2044-1 Rating: moderate References: 1096726 1123156 1123387 1135460 1136974 1137860 1143386 Cross-References: CVE-2018-15664 CVE-2019-10152 CVE-2019-6778 Affected Products:...

keepalived security update

CentOS Errata and Security Advisory CESA-2019:2285 An update for keepalived is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

CentOS 7 : keepalived (CESA-2019:2285)

An update for keepalived is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

DEBIAN-CVE-2019-15767

In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmdload function in frontend/cmd.cc via a crafted chess position in an EPD file...

WordPress feed-them-social plugin cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Facebook Feeds Load More button in versions of the WordPress...

PT-2019-14377 · Gnu +1 · Gnu Chess +1

Name of the Vulnerable Software and Affected Versions: GNU Chess version 6.2.5 Description: A stack-based buffer overflow issue exists in the cmd load function, located in frontend/cmd.cc, which can be triggered by a crafted chess position in an EPD file. Recommendations: For GNU Chess version...

GNU Chess Stack Buffer Overflow Vulnerability

GNU Chess is a chess game program. A stack buffer overflow vulnerability exists in the cmdload function in frontend/cmd.cc in GNU Chess 6.2.5. An attacker can exploit this vulnerability to cause a stack buffer overflow via a specially crafted chess position in an EPD file...

Amazon Linux 2 : libvirt (ALAS-2019-1274) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11091 Modern Intel microprocessors implement hardware-level micro-optimizations to improve the...

RHEL 7 : qemu-kvm-rhev (RHSA-2019:2553)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2553 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provi...

CVE-2019-4448

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpumdebug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This...

Code injection

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpumdebug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This...

CVE-2019-4448

CVE-2019-4448 affects IBM DB2 High Performance Unload (HPU) load for LUW. The vulnerable binaries db2hpum and db2hpum_debug are setuid root and provide built-in options to load arbitrary libraries from a privileged context, enabling a low-privilege user to execute arbitrary code with root authori...

QEMU: device_tree: heap buffer overflow while loading device tree blob

A heap buffer overflow issue was found in the loaddevicetree function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potential...

hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)

Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results ar...

ABB Panel Builder 600 suffers from dll hijacking vulnerability

The ABB Group is a global leader in power and automation technology and is committed to providing solutions for customers in the industrial and power sectors. ABB Panel Builder 600 suffers from a dll hijacking vulnerability that can be exploited by attackers to load a malicious dll and execute...