3385 matches found
grub2-bhyve -- multiple privilege escalations
Reno Robert reports: FreeBSD uses a two-process model for running a VM. For booting non-FreeBSD guests, a modified grub-emu is used (grub-bhyve). Grub-bhyve executes command from guest grub.cfg file. This is a security problem because grub was never written to handle inputs from OS as untrusted. In...
CVE-2019-6477
With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to...
There is a Skills Shortage, But it isn’t Your Real Problem
During my undergraduate days, I recall hearing that the Bell System was slow to deploy automated dialing. While smaller local phone companies allowed callers to dial a number directly from their phone, the Bell System continued to rely on switchboard operators into the 1930s. In fact, early phone...
openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2464)
This update for MozillaThunderbird to version 68.2.1 provides the following fixes : - Security issues fixed bsc1154738 : - CVE-2019-15903: Fixed a heap overflow in the expat library bsc1149429. - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB bsc1154738. -...
openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2452)
This update for MozillaThunderbird to version 68.2.1 provides the following fixes : - Security issues fixed bsc1154738 : - CVE-2019-15903: Fixed a heap overflow in the expat library bsc1149429. - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB bsc1154738. -...
November 12, 2019—KB4525246 (Monthly Rollup)
November 12, 2019—KB4525246 (Monthly Rollup). Improvements and fixes: This security update includes improvements and fixes that were a part of update KB4520013 (released October 15, 2019) and addresses the following issues: Addresses an issue that prevents a 16-bit Visual Basic 3 (VB3) application or other...
ACCESS Act might improve data privacy through interoperability
Data privacy is back in Congressional lawmakers’ sights, as a new legislative proposal focuses not on data collection, storage, and selling, but on the idea that Americans should be able to more easily pack up their user data and take it to a competing service—perhaps one that better respects...
PVS 7.15: Unable to boot/restart target device from PVS
Nothing happens when we boot/restart target device from PVS console. Able to boot/restart machine from Studio...
Updated java-1.8.0-openjdk packages fix security vulnerabilities
The updated packages fix several bugs and some security issues: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945). Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949). NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)...
CVE-2019-4409
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the...
CVE-2019-17538
Jiangnan Online Judge aka jnoj 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring...
CVE-2019-17493
Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemsampleinput parameter to web/admin/problem/create or web/polygon/problem/update...
CVE-2019-17491
Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemdescription parameter to web/admin/problem/create or web/polygon/problem/update...
CVE-2019-17489
Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemtitle parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create...
Design/Logic Flaw
Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemtitle parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create...
Design/Logic Flaw
Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemsampleinput parameter to web/admin/problem/create or web/polygon/problem/update...