21 matches found
Integer Underflow (Wrap or Wraparound)
Overview Affected versions of this package are vulnerable to Integer Underflow (Wrap or Wraparound) via the process when handling zero-length resources. An attacker can access sensitive information or cause a denial of service by submitting specially crafted content. Remediation A fix was pushed in...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the process handling TLS certificate validation. An attacker can intercept or manipulate sensitive data by exploiting improper certificate validation during secure communications. Remediation There is ...
EUVD-2019-9607
Malware in sbrugna...
EUVD-2010-0055
Malware in sbrugna...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the process handling incoming requests. An attacker can cause the service to become unresponsive by sending specially crafted input. Remediation Upgrade org.apache.iotdb:iotdb-core to version 2.0.5 or highe...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the process handling user data. An attacker can execute arbitrary code, access sensitive information, or cause a denial of service by leveraging local access with high privileges. Remediation A fix was pushed...
CVE-2020-26213
In teler before version 0.0.1, if you run teler inside a Docker container and encounter the errors.Exit function, it will cause a denial of service (SIGSEGV) because it doesn't properly get the process ID and process group ID of teler to kill. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1...
CVE-2024-57977 memcg: fix soft lockup in the OOM process
In the Linux kernel, the following vulnerability has been resolved: memcg: fix soft lockup in the OOM process A soft lockup issue was found in the product with about 56,000 tasks were in the OOM cgroup, it was traversing them when the soft lockup was triggered. watchdog: BUG: soft lockup - CPU2...
openSUSE Security Update : rdesktop (openSUSE-2019-2135)
This update for rdesktop fixes the following issues : rdesktop was updated to 1.8.6 : - Fix protocol code handling new licenses rdesktop was updated to 1.8.5 : - Add bounds checking to protocol handling in order to fix many security problems when communicating with a malicious server. rdesktop wa...
Windows Audio Service Elevation of Privilege Vulnerability
An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This...
Updates to Citrix Workspace app installer
Objective This update is applicable to Citrix Workspace app 1904 and above. Citrix Workspace app installer starts certain processes during the installation of the software. From Citrix Workspace app 1904 for Windows onwards, certain changes have been made to the process handling in the installer. Althou...
CVE-2019-1027
An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This...
CVE-2018-15437 Cisco Immunet and Cisco AMP for Endpoints System Scan Denial of Service Vulnerability
A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system...
[SECURITY] Fedora 27 Update: tomcat-native-1.2.16-1.fc27
Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced...
Huawei MHA-AL00A Integer Overflow Vulnerability
The Huawei MHA-AL00A is a smartphone product from the Chinese company Huawei. An integer overflow vulnerability exists in Huawei MHA-AL00A MHA-AL00AC00B125 version, which arises from the program failing to properly handle a variable during process handling. The vulnerability can be exploit...
Microsoft Windows XP/2000 PostThreadMessage() Arbitrary Process Killing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8747/info A vulnerability has been discovered in the Microsoft Windows operating system. The flaw lies in the way that processes handle messages sent from another process via the PostThreadMessage API call. Reports indica...
Systrace 1.x Local Policy Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9998/info Systrace has been reported prone to a vulnerability that may permit an application to completely bypass a Systrace policy. The issue presents itself because Systrace does not perform sufficient sanity checks whi...
Debian Security Advisory DSA 2362-1 (acpid)
The remote host is missing an update to acpid announced via advisory DSA 2362-1. OpenVAS Vulnerability Test $Id: deb23621.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2362-1 (acpid) Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
Design/Logic Flaw
acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls...
Debian DSA-1070-1 : kernel-source-2.4.19 - several vulnerabilities
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-0427 A local denial of service vulnerability i...