7703 matches found
Citrix Web Application Firewall : 400 Bad Request
Getting the error "The request failed with HTTP status 400:." when opening an application hosted using a Load balancing Virtual Server when Application Firewall Profile is bound. Sample entry seen in /var/log/ns.log : Nov 22 09:49:45 172.25.224.219 11/22/2018:09:49:45 GMT qahvpxlb09 0-PPE-1 :...
CVE-2018-19023
Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state...
Command injection
Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state...
CVE-2018-19023
Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state...
[SECURITY] Fedora 28 Update: haproxy-1.8.17-1.fc28
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
[SECURITY] Fedora 29 Update: haproxy-1.8.17-1.fc29
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
December 5, 2018—KB4469041 Preview of cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019
December 5, 2018—KB4469041 Preview of cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019 Release Date: 12/05/2018Version: .NET Framework 3.5 and 4.7.2 Improvements and fixes This update includes quality improvements. No new operating system...
hw: cpu: speculative store bypass
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...
Cache-load gadgets exploitable with L1TF
ISSUE DESCRIPTION Previously reported vulnerabilities CVE-2017-5753 / XSA-254 Spectre V1 and CVE-2018-3646 / XSA-273 L1TF can, when combined, be leveraged to more easily gather leaked information. A Spectre v1 gadget is a speculation sequence which starts with a conditional branch, contains a...
phpMyAdmin -- File disclosure and SQL injection
The phpMyAdmin development team reports: Summary Arbitrary file read vulnerability Description When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. phpMyadmin attempts to block...
Unspecified Vulnerability in Oracle Enterprise Manager Products Suite
Oracle Enterprise Manager Products Suite is a set of Oracle's on-premise management platform. Application Testing Suite is one of the application testing components. A security vulnerability exists in the Load Testing for Web Apps subcomponent of the Application Testing Suite component of Oracle...
How to Load Balance Trivial File Transfer Protocol Servers
This article describes how to load balance a Trivial File Transfer Protocol TFTP server using Reverse Network Address Translation RNAT and Use Source IP USIP. TFTP is simple file transport protocol. It uses User Datagram Protocol UDP port 69 as a transport protocol and is typically implemented on...
CVE-2018-3305
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker...
CVE-2018-3304
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker...
UBUNTU-CVE-2019-6446
DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...
PYSEC-2019-108
DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...
PYSEC-2019-38
DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...
PYSEC-2019-108
DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation Windows: XmlDocument Insecure Sharing Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria:...
Denial Of Service (DoS)
389-ds-base is vulnerable to denial of service DoS attacks. The vulnerability exists as 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could u...