7666 matches found

RedHat Linux
added 2018/05/10 4:5 p.m. · 2 views

QEMU: i386: multiboot OOB access while loading kernel image

Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process...

8.8 CVSS · 7.7 AI score · 0.00084 EPSS
Exploits: 0 · References: 4

OpenVAS
added 2018/05/09 12:0 a.m. · 25 views

SAP Message Server Service Detection

A SAP Message Server Service is running at this host. SAP Message Server is for - Central communication channel between the individual application servers instances of the system - Load distribution of logons using SAP GUI and RFC with logon groups - Information point for the Web Dispatcher and t...

6.7 AI score
Exploits: 0 · References: 1

UbuntuCve
added 2018/05/08 6:29 p.m. · 27 views

CVE-2017-2611

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes that a...

4.3 CVSS · 6.3 AI score · 0.00293 EPSS
Exploits: 0 · References: 2

Cvelist
added 2018/05/08 6:0 p.m. · 17 views

CVE-2017-2611

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes that a...

4.3 CVSS · 4.7 AI score · 0.00293 EPSS
Exploits: 0 · References: 4

Akamai Blog
added 2018/05/08 1:17 p.m. · 26 views

Make Application Access IT-Friendly

More and more companies are looking at alternatives to VPNs due to the security risks associated with network level access. And increasingly, the goal is to eliminate network trust through a zero trust architecture - which is one of the primary reasons many of these organizations are deploying...

7.5 AI score
Exploits: 0

Openbugbounty
added 2018/05/07 10:13 a.m. · 13 views

loadbalancing.modaco.com XSS vulnerability

Open Bug Bounty ID: OBB-613326
Affected Website: loadbalancing.modaco.com
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1...

Exploits: 0

Tenable Nessus
added 2018/05/04 12:0 a.m. · 11 views

PCI Scan Accuracy cannot be verified through Load Balancer with non-identically configured or non-synced systems

The remote host is behind a load balancer either with a non-identical configuration to its peers, or is not synced with its peers. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(109582); script_version("1.2"); script_cvs_date("Date: 2019/04/04 10:19:47");...

5.5 AI score
Exploits: 0

RedHat Linux
added 2018/05/03 5:6 p.m. · 1 views

tomcat: Late application of security constraints can lead to resource exposure for unauthorised users

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

6.5 CVSS · 7.1 AI score · 0.21578 EPSS
Exploits: 2 · References: 7

ossfuzz
added 2018/05/03 3:21 a.m. · 14 views

gdal/gdal_fuzzer: Heap-buffer-overflow in PCIDSK::CPCIDSKGeoref::Load

Project: https://github.com/OSGeo/gdal.git
Detailed report: https://oss-fuzz.com/testcase?key=5443800485855232
Project: gdal
Fuzzer: libFuzzer_gdal_fuzzer
Fuzz target binary: gdal_fuzzer
Job Type: libfuzzer_asan_gdal
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 16
Crash Address:...

6.8 AI score
Exploits: 0 · Affected Software: 1

Fedora
added 2018/05/02 10:53 a.m. · 11 views

[SECURITY] Fedora 28 Update: haproxy-1.8.8-1.fc28

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

0.8 AI score
Exploits: 0

OSV
added 2018/05/02 7:29 a.m. · 2 views

CVE-2018-10645

Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker t...

7.8 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits: 0 · References: 1

OpenVAS
added 2018/04/30 12:0 a.m. · 335 views

Microsoft Windows 10: Load and unload device drivers

This policy setting determines which users can dynamically load and unload device drivers. This user right is not required if a signed driver for the new hardware already exists in the driver.cab file on the device. Device drivers run as highly privileged code. Windows supports the Plug and Play...

7.2 AI score
Exploits: 0

Fedora
added 2018/04/29 5:16 a.m. · 34 views

[SECURITY] Fedora 27 Update: memcached-1.5.7-1.fc27

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load...

7.5 CVSS · 2.8 AI score · 0.86753 EPSS
Exploits: 3

Positive Technologies
added 2018/04/24 12:0 a.m. · 2 views

PT-2018-3110 · Blender +1

Name of the Vulnerable Software and Affected Versions: Blender version 2.78c Description: An integer overflow exists in the 'multires load old dm' functionality, allowing a buffer overflow that can enable code execution under the context of the application. This can be triggered by a specially...

10 CVSS · 8.8 AI score · 0.0378 EPSS
Exploits: 21 · References: 86

Fedora
added 2018/04/22 12:59 a.m. · 28 views

[SECURITY] Fedora 26 Update: memcached-1.4.39-2.fc26

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load...

7.5 CVSS · 2.8 AI score · 0.86753 EPSS
Exploits: 4

Akamai Blog
added 2018/04/20 4:48 p.m. · 22 views

Addressing the Availability of the ACAEngine

In my experience as a Solutions Engineer, I've seen many companies strive for 100% uptime of enterprise applications. However, this is a goal that cannot happen by itself. Careful thought must be put into the underlying architecture that delivers these critical enterprise applications. Recently,...

Exploits: 0

PyPA
added 2018/04/18 7:29 p.m. · 8 views

PYSEC-2018-75

OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources"-command is affected by this bug. that can result in Remote...

9.3 CVSS · 7.3 AI score · 0.01506 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2018/04/18 7:0 p.m. · 15 views

CVE-2018-1000167

OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources"-command is affected by this bug. that can result in Remote...

7.8 AI score · 0.01506 EPSS
Exploits: 1 · References: 2

Akamai Blog
added 2018/04/16 11:0 a.m. · 19 views

The Recipe for Web Performance Starts with the Right Ingredients: Page Construction Metrics

You can't manage what you can't measure. As devices grow in capacity and innovations allow us to do more with web apps, the complexity of our pages has grown, too. It becomes a balancing act to increase functionality while maintaining a performant and responsive site. Just like a great recipe, to...

0.3 AI score
Exploits: 0

OSV
added 2018/04/16 9:58 a.m. · 1 views

DEBIAN-CVE-2018-10113

An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure...

7.5 CVSS · 6.9 AI score · 0.00381 EPSS
Exploits: 1 · References: 1