5093 matches found

0day.today
added 2019/06/07 12:0 a.m., 283 views

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3) Exploit

Exploit for windows platform in category local exploits Microsoft Windows - AppX Deployment Service Local Privilege Escalation 3 CVE-2019-0841 BYPASS 2 There is a second bypass for CVE-2019-0841. This can be triggered as following: Delete all files and subfolders within...

7.2 CVSS, 6.8 AI score, 0.8265 EPSS
Exploits: 19

RedHat Linux
added 2019/04/23 2:52 p.m., 390 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.1 CVSS, 6.6 AI score, 0.07779 EPSS
Exploits: 3, References: 3

NVD
added 2019/03/30 5:29 p.m., 18 views

CVE-2019-10659

Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field...

8.8 CVSS, 8.8 AI score, 0.02417 EPSS
Exploits: 0, References: 2

Cvelist
added 2019/03/30 4:43 p.m., 21 views

CVE-2019-10659

Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field...

9.3 AI score, 0.02417 EPSS
Exploits: 0, References: 2

OSV
added 2019/03/21 4:0 p.m., 30 views

CVE-2018-20615

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-check...

7.5 CVSS, 6.5 AI score
Exploits: 0, References: 6

OSV
added 2019/03/21 4:0 p.m., 1 view

DEBIAN-CVE-2018-20615

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-check...

7.5 CVSS, 6.2 AI score, 0.00143 EPSS
Exploits: 0, References: 1

Debian CVE
added 2019/03/18 4:11 p.m., 24 views

CVE-2018-20615

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-check...

7.5 CVSS, 6 AI score, 0.00143 EPSS
Exploits: 0

Tenable Nessus
added 2019/03/15 12:0 a.m., 39 views

RHEL 7 : OpenShift Container Platform 3.9 haproxy (RHSA-2019:0547)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0547 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security fixes: haproxy...

7.5 CVSS, 6.6 AI score, 0.00143 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2019/03/15 12:0 a.m., 39 views

RHEL 7 : OpenShift Container Platform 3.10 haproxy (RHSA-2019:0548)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:0548 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security fixes: haproxy:...

7.5 CVSS, 6.5 AI score, 0.00143 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2019/03/14 7:58 a.m., 93 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.9 haproxy security update

An update for haproxy is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS, 6.6 AI score, 0.00143 EPSS
Exploits: 0, References: 2

RedHat Linux
added 2019/03/14 7:58 a.m., 4 views

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on a too-short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

7.5 CVSS, 6.7 AI score, 0.00143 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2019/03/14 7:58 a.m., 2 views

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on a too-short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

7.5 CVSS, 6.7 AI score, 0.00143 EPSS
Exploits: 0, References: 4

ThreatPost
added 2019/03/12 3:53 p.m., 60 views

Adobe Patches Critical Photoshop, Digital Edition Flaws

Adobe on Tuesday released its March Security Update, reporting and fixing only two critical flaws: one in Photoshop CC and one in Adobe Digital Editions. Both critical flaws could allow a bad actor to achieve arbitrary code execution in the context of the current user, Adobe said. The company sai...

10 CVSS, 1 AI score, 0.20613 EPSS
Exploits: 0, References: 6

ThreatPost
added 2019/03/01 8:22 p.m., 340 views

Adobe Patches Critical ColdFusion Vulnerability With Active Exploit

Adobe has issued an emergency patch for a critical vulnerability in its ColdFusion service that is being exploited in the wild. The vulnerability, CVE-2019-7816, exists in Adobe’s commercial rapid web application development platform, ColdFusion. The ColdFusion vulnerability is a file upload...

10 CVSS, 1.2 AI score, 0.94442 EPSS
Exploits: 48, References: 4

RedHat Linux
added 2019/02/20 2:11 p.m., 3 views

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on a too-short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

7.5 CVSS, 6.7 AI score, 0.00143 EPSS
Exploits: 0, References: 4

UbuntuCve
added 2019/02/06 9:29 p.m., 38 views

CVE-2019-7548

SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...

7.8 CVSS, 7.2 AI score, 0.01088 EPSS
Exploits: 1, References: 2

RedHat Linux
added 2019/02/05 8:26 a.m., 3 views

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash

A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. Mishandling occurs when a priority flag is set on a too-short HEADERS frame in the HTTP/2 decoder, allowing an out-of-bounds read and a subsequent crash to occur. A remote attacker can exploit this flaw to cause a denial of service. Tho...

7.5 CVSS, 6.7 AI score, 0.00143 EPSS
Exploits: 0, References: 4

ThreatPost
added 2019/01/22 3:21 p.m., 209 views

Adobe Issues Unscheduled Updates for Experience Manager Platform

Adobe has issued unscheduled patches for vulnerabilities rated “important” across its Experience Manager platform, which allows developers to create mobile apps, social campaigns and landing pages. Overall, Adobe issued three fixes, including an “important” flaw CVE-2018-19726 and a “moderate” fl...

10 CVSS, 7.9 AI score, 0.02847 EPSS
Exploits: 0, References: 8

CNVD
added 2019/01/02 12:0 a.m., 2 views

Proxygen Denial of Service Vulnerability (CNVD-2019-00956)

Facebook Proxygen is a set of open source C++ HTTP class libraries from the U.S. company Facebook. A security vulnerability exists in the handling of invalid HTTP2 priority settings in Facebook Proxygen versions prior to 2018.12.31.00. An attacker can exploit this vulnerability to cause a denial...

7.5 CVSS, 6.6 AI score, 0.00334 EPSS
Exploits: 0, References: 1

NVD
added 2018/12/31 10:29 p.m., 17 views

CVE-2018-6346

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings, specifically a circular dependency. This affects Proxygen prior to v2018.12.31.00...

7.5 CVSS, 7.4 AI score, 0.00334 EPSS
Exploits: 0, References: 1