1071 matches found
CVE-2019-19396
illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ipattr.c mishandles connixa dereferences...
Deserialization of untrusted data
illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ipattr.c mishandles connixa dereferences...
tomcat: Apache Tomcat HTTP/2 DoS
A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack...
[SECURITY] Fedora 30 Update: nspr-4.23.0-1.fc30
NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management malloc and free and shared library linking...
[SECURITY] Fedora 31 Update: nspr-4.23.0-1.fc31
NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management malloc and free and shared library linking...
box.js - A Tool For Studying JavaScript Malware
A utility to analyze malicious JavaScript. Installation Simply install box-js from npm: npm install box-js --global Usage Looking to use box-js with Cuckoo? Use cuckoo-package.py as an analysis package. Let's say you have a sample called sample.js: to analyze it, simply run box-js sample.js Chanc...
SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:2227-2)
This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...
[SECURITY] Fedora 30 Update: python-slixmpp-1.4.2-1.fc30
Slixmpp is an MIT licensed XMPP library for Python 3.5+. It is a fork of SleekXMPP. Goals is to only rewrite the core of the library the low level socket handling, the timers, the events dispatching in order to remove all threads...
RUSTSEC-2019-0018 Internally mutating methods take immutable ref self
Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...
SUSE-SU-2019:2227-1 Security update for libvirt
This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...
CVE-2019-15134
RIOT through 2019.07 contains a memory leak in the TCP implementation gnrctcp, allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to receive in sys/net/gnrc/transportlayer/tcp/gnrctcpeventloop.c...
CVE-2019-15134
CVE-2019-15134 affects RIOT OS (GNRC TCP) up through 2019.07. The issue is a memory leak in the TCP implementation (gnrc_tcp) triggered in _receive within sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c when an ACK is received before a SYN. This can cause unbounded memory consumption for ne...
SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:2105-1)
This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...
openSUSE Security Update : tomcat (openSUSE-2019-1808)
This update for tomcat to version 9.0.21 fixes the following issues : Security issues fixed : - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames bsc1131055. - CVE-2019-0221: Fixed a cross site scripting vulnerabilit...
CVE-2019-2290
Multiple open and close from multiple threads will lead camera driver to access destroyed session data pointer in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W,...
OPENSUSE-SU-2019:1808-1 Security update for tomcat
This update for tomcat to version 9.0.21 fixes the following issues: Security issues fixed: - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames bsc1131055. - CVE-2019-0221: Fixed a cross site scripting vulnerability...
SUSE-SU-2019:1895-1 Security update for tomcat
This update for tomcat to version 9.0.21 fixes the following issues: Security issues fixed: - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames bsc1131055. - CVE-2019-0221: Fixed a cross site scripting vulnerability...
DEBIAN-CVE-2019-1010025
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthreadcreated thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability...
CVE-2019-1010025
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthreadcreated thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability...
PT-2019-11441 · Gnu +1 · Glibc +1
Name of the Vulnerable Software and Affected Versions: glibc affected versions not specified Description: The issue concerns a mitigation bypass in glibc, allowing an attacker to potentially guess the heap addresses of pthread-created threads. The vendor's stance is that ASLR bypass itself is not...