GHSA-G74R-FFVR-5Q9F Memory Exposure in concat-stream

Versions of concat-stream before 1.5.2 are vulnerable to memory exposure if userp provided input is passed into write Versions 1.3.0 are not affected due to not using unguarded Buffer constructor. Recommendation Update to version 1.5.2, 1.4.11, 1.3.2 or later. If you are unable to update make sur...

Buffer Overflow

PostgreSQL is an advanced object-relational database management system DBMS. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to...

The vulnerability of the NTFS-3G driver for the NTFS file system in FUSE modules of Unix-like operating systems, related to buffer overflows, allows attackers to elevate their privileges to a superuser level.

The vulnerability of the NTFS-3G driver for the NTFS file system in the FUSE module of Unix-like operating systems is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to elevate their privileges to a superuser level...

The compatibility subsystem for running Linux applications allows the Windows Subsystem for Linux operating systems to enable attackers to elevate their privileges and execute arbitrary code.

The vulnerability of the compatibility subsystem for running Linux applications stems from a numerical overflow. Exploiting this vulnerability allows an attacker to enhance their privileges and execute arbitrary code using a specially created application...

The compatibility subsystem for running Linux applications allows the Windows Subsystem for Linux operating systems. This enables attackers to escalate their privileges and execute arbitrary code.

The vulnerability of the compatibility subsystem for running Linux applications stems from a numerical overflow. Exploiting this vulnerability allows an attacker to enhance their privileges and execute arbitrary code through a specially created application...

rdesktop Numeric Error Vulnerability

rdesktop is an open source remote desktop client program. A security vulnerability exists in rdesktop 1.8.3 and earlier versions. No details of the vulnerability are provided at this time...

Iptables Essentials - Common Firewall Rules And Commands

Tools to help you configure Iptables Shorewall - advanced gateway/firewall configuration tool for GNU/Linux. Firewalld - provides a dynamically managed firewall. UFW - default firewall configuration tool for Ubuntu. FireHOL - offer simple and powerful configuration for all Linux firewall and...

Microsoft HID Driver Numeric Truncation Information Disclosure Vulnerability

This vulnerability allows attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists in the hidparse.sy...

The vulnerability of the ReadRealIndex function in the Real demuxer plugin of the VideoLAN VLC media player allows a hacker to execute arbitrary code.

The vulnerability of the ReadRealIndex function in the Real demuxer plugin of the VideoLAN VLC media player is due to a numerical overflow that causes a buffer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious RealMedia .rm fi...

The vulnerability of the file2strvec function in console applications for monitoring and terminating system processes in Props-ng allows a perpetrator to execute arbitrary code.

The vulnerability of the file2strvec function in console applications for monitoring and terminating system processes in Props-ng is caused by a numerical overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

Microsoft Edge Chakra - InlineArrayPush Type Confusion Exploit

/ In Chakra, if you add a numeric property to an object having inlined properties, it will start transition to a new type where the space for some of previously inlined properties become for the pointer to the property slots and the pointer to the object array which stores numeric properties. For...

Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion

/ In Chakra, if you add a numeric property to an object having inlined properties, it will start transition to a new type where the space for some of previously inlined properties become for the pointer to the property slots and the pointer to the object array which stores numeric properties. For...

Microsoft Edge Chakra - InlineArrayPush Type Confusion

Microsoft Edge Chakra - InlineArrayPush Type Confusion / In Chakra, if you add a numeric property to an object having inlined properties, it will start transition to a new type where the space for some of previously inlined properties become for the pointer to the property slots and the pointer t...

Microsoft Edge Chakra InlineArrayPush Type Confusion

Microsoft Edge: Chakra: Type confusion with InlineArrayPush CVE-2018-8617 In Chakra, if you add a numeric property to an object having inlined properties, it will start transition to a new type where the space for some of previously inlined properties become for the pointer to the property slots...

Open Redirect And Cross-site Scripting (XSS)

django is vulnerable to open redirect and cross-site scripting XSS attacks.The library's security check for redirects considers certain numeric URLs as safe, allowing a malicious user to cause an open redirect or cross-site scripting attack via URL linking...

Privilege Escalation

github.com/opencontainers/runc is vulnerable to privilege escalation attacks. These attacks are possible because github.com/opencontainers/runc treats a numeric UID as a potential username. This allows local users to gain privileges though a numeric username in the password file. This transitivel...

Denial Of Service (DoS)

mysql is vulnerable to denial of service DoS attacks. The vulnerability exists as Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service crash via a crafted geometry feature that specifies a large number of points, which is...

GHSA-37HP-765X-J95X Django open redirect and possible XSS attack via user-supplied numeric redirect URLs

Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects namely django.utils.http.issafeurl considered some numeric URLs "safe" when they shouldn't be, aka an open...

Django open redirect and possible XSS attack via user-supplied numeric redirect URLs

Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects namely django.utils.http.issafeurl considered some numeric URLs "safe" when they shouldn't be, aka an open...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3847-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3847-1 advisory. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker cou...