Lucene search

7294 matches found

AlpineLinux
added 2019/09/25 3:5 p.m. · 35 views

CVE-2019-10404

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue item is blocked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executor...

CVSS 5.4 · AI score 5.2 · EPSS 0.00273
Exploits: 0

Positive Technologies
added 2019/09/25 12:0 a.m. · 2 views

PT-2019-11798 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier; Jenkins LTS versions 2.176.3 and earlier. Description: The issue results from the failure to escape the reason why a queue item is blocked in tooltips, leading to a stored XSS vulnerability. This can be...

CVSS 5.4 · AI score 5.1 · EPSS 0.00273
Exploits: 0 · References: 8

NVD
added 2019/09/11 4:15 p.m. · 13 views

CVE-2019-16230

drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics ca...

CVSS 4.7 · AI score 6.3 · EPSS 0.00065
Exploits: 0 · References: 3

Cvelist
added 2019/09/11 3:30 p.m. · 23 views

CVE-2019-16230

drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics ca...

AI score 6.3 · EPSS 0.00065
Exploits: 0 · References: 3

Tenable Nessus
added 2019/09/11 12:0 a.m. · 45 views

NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2019-0177)

The remote NewStart CGSL host, running version MAIN 4.06, has kernel packages installed that are affected by multiple vulnerabilities: - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the...

CVSS 7.8 · AI score 7.4 · EPSS 0.69918
Exploits: 9 · References: 9

CNVD
added 2019/09/05 12:0 a.m. · 1 views

Linux kernel memory leak vulnerability (CNVD-2019-31644)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A memory leak vulnerability exists in register_queue_kobjects in net/core/net-sysfs.c in versions of Linux kernel prior to 5.0.1. An attacker could exploit this...

CVSS 7.8 · AI score 7.3 · EPSS 0.02564
Exploits: 0 · References: 1

OSV
added 2019/09/04 3:15 p.m. · 1 views

DEBIAN-CVE-2019-15916

An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects in net/core/net-sysfs.c, which will cause denial of service...

CVSS 7.5 · AI score 6.3 · EPSS 0.02564
Exploits: 0 · References: 1

Veracode
added 2019/09/04 12:21 p.m. · 51 views

Denial Of Service (DoS) Via Settings Flood

github.com/grpc/grpc-go is vulnerable to denial of service (DoS) attacks. The attack can be triggered by an HTTP/2 peer sending a flood of settings, leading to an excessive data queue and causing high CPU and resource consumption...

CVSS 7.5 · AI score 2.2 · EPSS 0.08892
Exploits: 0 · References: 47 · Affected Software: 31

Positive Technologies
added 2019/08/20 12:0 a.m. · 2 views

PT-2019-17018 · IBM · IBM MQ Appliance +1

Name of the Vulnerable Software and Affected Versions: IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.6; IBM DataPower Gateway versions 7.6.0.0 through 7.6.0.15; IBM MQ Appliance versions 8.0.0.0 through 8.0.0.12; IBM MQ Appliance versions 9.1.0.0 through 9.1.0.2; IBM MQ Appliance version...

CVSS 8.4 · AI score 8.3 · EPSS 0.00167
Exploits: 0 · References: 5

Prion
added 2019/08/13 9:15 p.m. · 42 views

Design/Logic Flaw

Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write many of the byt...

CVSS 7.8 · AI score 7.4 · EPSS 0.04563
Exploits: 0 · References: 47 · Affected Software: 20

Prion
added 2019/08/13 9:15 p.m. · 78 views

Code injection

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

CVSS 7.8 · AI score 7.4 · EPSS 0.13725
Exploits: 0 · References: 47 · Affected Software: 18

Cvelist
added 2019/08/13 8:50 p.m. · 40 views

CVE-2019-9517: Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service

Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write many of the byt...

CVSS 7.5 · AI score 7.7 · EPSS 0.04563
Exploits: 0 · References: 47

OSV
added 2019/08/13 12:0 a.m. · 0 views

UBUNTU-CVE-2019-9512

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

CVSS 7.5 · AI score 7.3 · EPSS 0.50822
Exploits: 1 · References: 9

CNVD
added 2019/08/07 12:0 a.m. · 0 views

IBM MQ Input Validation Error Vulnerability

IBM MQ (IBM WebSphere MQ) is a messaging middleware product from IBM. The product mainly provides a reliable and proven messaging backbone for service-oriented architecture (SOA). An input validation error vulnerability exists in IBM MQ. An attacker could exploit this vulnerability to cause ...

CVSS 6.2 · AI score 6.6 · EPSS 0.00108
Exploits: 0 · References: 1

CNVD
added 2019/08/01 12:0 a.m. · 1 views

IBM Security Information Queue Information Disclosure Vulnerability (CNVD-2019-25337)

IBM Security Information Queue is a data integration product from IBM USA. The product utilizes Kafka technology and a publish-subscribe model to integrate data between IBM security products. A security vulnerability exists in IBM Security Information Queue versions 1.0.0, 1.0.1, and 1.0.2. An...

CVSS 4 · AI score 6.7 · EPSS 0.0004
Exploits: 0 · References: 1

OSV
added 2019/07/30 3:15 p.m. · 1 views

CVE-2019-14406

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493)...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2019/07/30 3:15 p.m. · 10 views

CVE-2019-14406

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493)...

CVSS 6.1 · AI score 6 · EPSS 0.00396
Exploits: 0 · References: 1

Prion
added 2019/07/30 3:15 p.m. · 8 views

Cross site scripting

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493)...

CVSS 4.3 · AI score 5.9 · EPSS 0.00396
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2019/07/30 2:13 p.m. · 42 views

CVE-2019-14406

CVE-2019-14406 affects cPanel before 78.0.18, with a stored XSS in the BoxTrapper Queue Listing (SEC-493). Root cause: lack of proper validation of client-side data by the web application. Impact is consistent with stored XSS in the affected component; exploitation details are not provided in the...

CVSS 6.1 · AI score 5.9 · EPSS 0.00396
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2019/07/26 5:15 a.m. · 1 views

DEBIAN-CVE-2018-20856

An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is a __blk_drain_queue() use-after-free because a certain error case is mishandled...

CVSS 7.8 · AI score 7.5 · EPSS 0.00093
Exploits: 0 · References: 1