7666 matches found
UBUNTU-CVE-2018-10113
An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service application crash upon allocation failure...
imagemagick/encoder_dng_fuzzer: Stack-buffer-overflow in LibRaw::kodak_radc_load_raw
Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5965403386806272 Project: imagemagick Fuzzer: aflimagemagickencoderdngfuzzer Fuzz target binary: encoderdngfuzzer Job Type: aflasanimagemagick Platform Id: linux Crash Type:...
The vulnerability of the Android operating system’s loader from the CAF repository allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Android operating system’s loader from the CAF repository is related to insufficient checks on the sizes of headers in compressed load images. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protect...
LocalTapiola: DoS of www.lahitapiolarahoitus.fi via CVE-2018-6389 exploitation
Description There is possibility in /wp-admin/load-scripts.php script to generate large 3Mb amount of data via simple non-authenticated request to server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details Detailed attack scenario is described for example here:...
DEBIAN-CVE-2014-3539
base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...
PYSEC-2018-100
base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...
PYSEC-2018-100
base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...
UBUNTU-CVE-2014-3539
base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...
How to Determine the IP Addresses of Active Connections to a Virtual Server of a NetScaler
This article describes how to determine the IP addresses of active connections to a virtual server of a NetScaler. Background To troubleshoot a web application issue, you might need to determine the IP address actively connected to a virtual server of NetScaler. For example, certain percentage of...
The vulnerability of the pcxLoadRaster function in the Sam2p image conversion utility allows a attacker to cause a service failure or exert other effects.
The vulnerability of the pcxLoadRaster function in the Sam2p image conversion utility is caused by buffer overflow in the dynamic memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
All Aliases Have Failed
Challenge A Tenant's Backup Job or Backup Copy Job targeting a Cloud Repository fails with the following message: Target gate has rejected connection. Unable to establish target connection. All aliases have failed. The wording of the error might differ, but the root error "All Aliases Have Failed...
glibc LD_AUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation
require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule 'glibc LDAUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C...
QID 86725 “F5 BIG-IP Load Balancer Internal IP Address Disclosure”
QID 86725 “F5 BIG-IP Load Balancer Internal IP Address Disclosure Vulnerability” will be marked as a PCI Fail as of May 1, 2018 in accordance with its CVSS score. F5 BIG IP encodes private IP addresses in the persistent cookies, which could be collected by the attacker and decoded back. The...
KVA Shadow: Mitigating Meltdown on Windows
On January 3rd, 2018, Microsoft released an advisory and security updates that relate to a new class of discovered hardware vulnerabilities, termed speculative execution side channels, that affect the design methodology and implementation decisions behind many modern microprocessors. This post...
CVE-2018-1221
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers ALBs and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...
CVE-2018-1221
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers ALBs and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...
New Microsoft Bug Bounty Program Looks To Squash The Next Spectre, Meltdown
In the wake of the Meltdown and Spectre flaws, Microsoft has rolled out a new bug bounty program targeting speculative execution side channel vulnerabilities. The limited time program is open until December 31, and offers up to $250,000 for identifying new categories of speculative execution...
CVE-2016-8612
Apache HTTP Server modcluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process...
CVE-2018-7998
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vipsregiongenerate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race conditi...
DEBIAN-CVE-2018-7998
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vipsregiongenerate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race conditi...