Mattermost Server Access Privilege Vulnerability

Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 3.8.2, prior to 3.7.5, and prior to 3.6.7. An attacker can exploit the vulnerability to gain access to API endpoints after a...

[slackware-security] bind

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bind-9.11.18-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: DNS rebinding protection was ineffective wh...

Node.js third-party modules: Denial Of Service in Strapi Framework using argument injection

I would like to report Denial Of Service in Strapi Framework.It allows attacker to force restart the server using argument injection. Module module name: strapi version: 3.0.0-beta.18.3 and earlier npm page: https://www.npmjs.com/package/strapi Module Description The Strapi HTTP layer sits on top...

CVE-2019-6474

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...

CVE-2019-6474

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...

CVE-2019-6474

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...

Integer Overflow

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...

ASLR Bypass

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...

Out-Of-Bounds Read

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handl...

Update Rollup 6 for System Center 2016 Data Protection Manager

Update Rollup 6 for System Center 2016 Data Protection Manager Introduction This article describes the issues that are fixed in Update Rollup 6 for Microsoft System Center 2016 Data Protection Manager. This article also contains the installation instructions for this update.Note Existing Data...

IBM Security Key Lifecycle Manager Authentication Missing Vulnerability

IBM Security Key Lifecycle Manager centralizes, simplifies and automates the encryption key management process, helping to minimize the risks and operational costs of encryption key management. An authentication missing vulnerability exists in IBM Security Key Lifecycle Manager. An unauthenticate...

CVE-2018-1745

IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424...

CVE-2017-15130

A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart...

Denial of Service Vulnerability in JeeCMS v8.1 Data Restore Function

JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program , WeChat public number / service number , column model , content model cross-customization , as well as with payment and financial settlement of the content of the e-commerce as one of the conte...

CVE-2016-8276

Buffer overflow in the Point-to-Point Protocol over Ethernet PPPoE module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service...

HTTP. sys remote code execution vulnerability in the repair method-vulnerability warning-the black bar safety net

Vulnerability description If an attacker to the affected Windows System to send a specially crafted HTTP request, this vulnerability allows for remote code execution. After security personnel test, serious harm, Please as soon as possible repair. This security update fixes the vulnerability in...

CentOS 7 : 389-ds-base (CESA-2016:0204)

Updated 389-ds-base packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Important: Red Hat Security Advisory: 389-ds-base security and bug fix update

Updated 389-ds-base packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Keybase: Remote Server Restart Lead to Denial of Server by only one Request.

URL === https://keybase.io//api/1.0/merkle/block.json?hash=68b5d3599be9acbe97bcc45603a322f85f8a99b9cbc696592fe1088c3a099a45d929f0bc2fae2230f0b31b5e4b4122365f50b34fcf91a94a357df90a83e3b013 Poc: ==== https://keybase.io//api/1.0/merkle/block.json?hash=1 see video...

RHEL 6 : JBoss EAP (RHSA-2015:2542)

Updated jboss-ec2-eap packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat JBoss Enterprise Application Platform 6.4.4 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Commo...