Race condition

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition...

Important: Red Hat Security Advisory: Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container

Red Hat Ansible Tower 3.6.2-1 - RHEL7 Container Added a command to generate a new SECRETKEY and rekey the database Removed the guest user from the optionally-configured RabbitMQ admin interface CVE-2019-19340 Fixed slow queries for /api/v2/instances and /api/v2/instancegroups when smart inventori...

The vulnerability of Google Chrome lies in the lack of a timeout mechanism for the installation of Chrome extensions. This allows attackers to initiate the installation of malicious Chrome extensions.

The vulnerability of Google Chrome lies in the absence of a timeout for the extension installation process. Exploiting this vulnerability allows an attacker to initiate the installation of malicious Chrome extensions through a specially created HTML page...

Zomato: Zomato Map server going out of memory while resizing map image

Go to https://maps.zomato.com/php/staticmap?center=0,0&size=240x150&maptype=zomato&markers=180,180,pinres32&sensor=false&scale=%&zoom=eval2147483647+1&language=en a map will be displayed Now increase the map size by 10x...

openSUSE Security Update : clamav (openSUSE-2019-2595)

This update for clamav fixes the following issues : Security issue fixed : - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files bsc1144504. - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors bsc1149458...

openSUSE Security Update : clamav (openSUSE-2019-2597)

This update for clamav fixes the following issues : Security issue fixed : - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files bsc1144504. - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors bsc1149458...

Security update for clamav (moderate)

openSUSE Security Update: Security update for clamav Announcement ID: openSUSE-SU-2019:2595-1 Rating: moderate References: 1144504 1149458 1151839 Cross-References: CVE-2019-12625 CVE-2019-12900 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and has one errata is...

OPENSUSE-SU-2019:2597-1 Security update for clamav

This update for clamav fixes the following issues: Security issue fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files bsc1144504. - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors bsc1149458...

SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2019:3066-1)

This update for clamav fixes the following issues : Security issue fixed : CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files bsc1144504. CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors bsc1149458. Non-securit...

SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2019:3053-1)

This update for clamav fixes the following issues : Security issue fixed : CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files bsc1144504. CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors bsc1149458. Non-securit...

SUSE-SU-2019:3053-1 Security update for clamav

This update for clamav fixes the following issues: Security issue fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files bsc1144504. - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors bsc1149458...

CVE-2014-0084

CVE-2014-0084 affects the Ruby gem openshift-origin-node prior to 2014-02-14, which does not enforce a cronjob timeout, potentially enabling a denial-of-service in cron.daily and cron.weekly. Public records in OSV/RH advisories reference the same issue (GHSA-756M-3QF2-HP58) and describe an improp...

PT-2019-7037 · Red Hat · Openshift-Origin-Node

Name of the Vulnerable Software and Affected Versions: openshift-origin-node versions prior to 2014-02-14 Description: The issue is related to the absence of a cronjob timeout in the Ruby gem openshift-origin-node, which could lead to a denial of service in cron.daily and cron.weekly...

UBUNTU-CVE-2019-19073

Memory leaks in drivers/net/wireless/ath/ath9k/htchst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service memory consumption by triggering waitforcompletiontimeout failures. This affects the htcconfigpipecredits function, the htcsetupcomplete function, and the...

kernel security update

3.10.0-1062.4.3.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 3.10.0-1062.4.3 - drm drm/i915/cmdparser: Fix jump whitelist clearing Dave Airlie...

Moderate: Red Hat Security Advisory: heketi security, bug fix, and enhancement update

Updated heketi packages that fix one security issue, multiple bugs, and adds various enhancements is now available for OpenShift Container Storage 3.11 Batch 4 Update. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVS...

Ajenti 2.1.31 - Remote Code Exection Exploit

Exploit for jsp platform in category web applications Exploit Title: Ajenti 2.1.31 - Remote Code Exection Metasploit Exploit Author: Onur ER Vendor Homepage: http://ajenti.org/ Software Link: https://github.com/ajenti/ajenti Version: 2.1.31 Tested on: Ubuntu 19.10 This module requires Metasploit:...

SUSE-RU-2019:2715-1 Recommended update for xen

This update for xen to version 4.12.1 fixes the following issues: - Fixed an issue which made Xen crash on AMD ROME based machines bsc1135799. - Xenpvnetboot is now ported correctly to Python 3 bsc1138563. - Added code to change LIBXLHOTPLUGTIMEOUT at runtime bsc1120095. The included README has...

Ajenti 2.1.31 - Remote Code Execution

Ajenti 2.1.31 - Remote Code Execution Title: Ajenti 2.1.31 - Remote Code Execution Author: Jeremy Brown Date: 2019-10-13 Software Link: https://github.com/ajenti/ajenti CVE: N/A Tested on: Ubuntu Linux !/usr/bin/python ajentix.py Ajenti Remote Command Execution Exploit ------- Details -------...

nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass

It was found that the original fix for Slowloris, CVE-2018-12122, was insufficient. It is possible to bypass the server's headersTimeout by sending two specially crafted HTTP requests in the same connection. An attacker could use this flaw to bypass Slowloris protection, resulting in a denial of...