openSUSE Security Update : systemd (openSUSE-2019-1450)
This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which...
CVE-2019-12042
The CVE-2019-12042 issue affects Panda Security products (Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, Panda Internet Security). Root cause: insecure permissions on the shared memory section object Global\PandaDevicesAgentSharedMemory and the e...
SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2019:1265-1)
This update for systemd fixes the following issues: Security issues fixed: CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). CVE-2019-3842: Fixed a vulnerability in pam_systemd which...
SecurityRAT - Tool For Handling Security Requirements In Development
OWASP SecurityRAT (Requirement Automation Tool) is a tool intended to assist with the problem of addressing security requirements during application development. The typical use case is: specify parameters of the software artifact you're developing based on this information, list of common securit...
katello-installer-base: QMF methods exposed to goferd via qdrouterd
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...
IBM MQ Information Disclosure Vulnerability
IBM MQ (IBM WebSphere MQ) is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture (SOA) to provide a reliable and proven messaging backbone. A security vulnerability exists in IBM MQ Console that stems from the program's use of weak encryption algorithm...
CVE-2019-3845
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite or Capsule can use this fla...
GHSA-JPV3-G4CC-6VFX Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive...
PT-2019-5423 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.0.6 Description: An issue in the Linux kernel's network subsystem is related to errors in pointer counting in the functions rx_queue_add_kobject and netdev_queue_add_kobject in net/core/net-sysfs.c. This issue...
IBM MQ Elevation of Privilege Vulnerability
IBM MQ (IBM WebSphere MQ) is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture (SOA) to provide a reliable and proven messaging backbone. A security vulnerability exists in IBM MQ. An attacker could exploit this vulnerability to elevate privileges...
IBM MQ Code Injection Vulnerability
IBM MQ (IBM WebSphere MQ) is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture (SOA) to provide a reliable and proven messaging backbone. A security vulnerability exists in IBM MQ. A local attacker could exploit the vulnerability to inject code and...
PT-2021-23414 · Mediawiki +1 · Replacetext Extension +1
Name of the Vulnerable Software and Affected Versions: ReplaceText extension versions 1.41 and earlier for MediaWiki Description: The issue concerns Incorrect Access Control in the ReplaceText extension for MediaWiki. When a user is blocked after submitting a replace job, the job is still execute...
CVE-2019-6594
On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATAFINs in the reassembly queue, which can lead to an infinite loop in some circumstances...
DEBIAN-CVE-2018-20784
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load...
CVE-2019-1700 Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge Denial of Service Vulnerability
A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition...
IBM MQ Console REST API Denial of Service Vulnerability
IBM MQ (formerly known as IBM WebSphere MQ) is a messaging middleware product from IBM in the United States. It provides a reliable and proven messaging backbone for Service Oriented Architecture (SOA). Console REST API is one of the console REST application program interface components. A security...
Contiki-NG buffer overflow vulnerability (CNVD-2019-00328)
Contiki-NG is an open source, cross-platform operating system for next-generation IoT devices, and MQTT Server is a message queue transport server. A buffer overflow vulnerability exists in MQTT Server in versions of Contiki-NG prior to 4.2. An attacker can exploit this vulnerability to execute...
IBM MQ Library Elevation of Privilege Vulnerability
IBM MQ (formerly known as IBM WebSphere MQ) is a messaging middleware product from IBM. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). A security vulnerability exists in the IBM MQ library. An attacker can exploit the vulnerability t...
CVE-2018-15323
On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action...