PT-2021-3126

Name of the Vulnerable Software and Affected Versions nginx versions 1.20.0 Description A security issue in the nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause a 1-byte memory overwrite, resulting in a worker process crash...

CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

DEBIAN-CVE-2019-25043

ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header...

CVE-2019-25043

ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header...

CVE-2019-25043

ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header...

CVE-2019-25043

CVE-2019-25043 affects ModSecurity 3.x prior to 3.0.4. The vulnerability arises from mishandling of key-value pair parsing, demonstrated by a string index out of range error and a worker-process crash triggered by a Cookie: =abc header. The impact is a crash/restart of workers, with no documented...

CVE-2019-25043

ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header...

CVE-2019-25043

ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header...

PT-2021-4072 · Unknown · Modsecurity

Name of the Vulnerable Software and Affected Versions: ModSecurity versions 3.x before 3.0.4 ModSecurity version 3.0.4 is not affected, so the range can be simplified to versions prior to 3.0.4. Description: The issue is related to incorrect parsing of key-value pairs, which can lead to a "string...

NewStart CGSL CORE 5.05 / MAIN 5.05 : dovecot Multiple Vulnerabilities (NS-SA-2020-0105)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has dovecot packages installed that are affected by multiple vulnerabilities: - In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used ...

Oracle Linux 7 : olcne / nginx (ELSA-2020-5859)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5859 advisory. - Adress CVE-2019-9511 - Adress CVE-2018-16845 - Adress CVE-2017-7529 - Adress CVE-2019-9511 - Adress CVE-2018-16845 Tenable has extracted the precedin...

Amazon Linux AMI : dovecot (ALAS-2020-1363)

The version of dovecot installed on the remote host is prior to 2.2.36-6.19. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1363 advisory. In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker...

Arbitrary Code Execution

dovecot is vulnerable to arbitrary code execution. A buffer overflow vulnerability in the indexer-worker process allows an attacker to execute arbitary code on the system...

Huawei EulerOS: Security Advisory for dovecot (EulerOS-SA-2019-1644)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Roxy Fileman 1.4.5 For .NET Directory Traversal Vulnerability

Exploit for php platform in category web applications =========================== Exploit Title: Roxy Fileman 1.4.5 for .NET - Directory Traversal Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net...

Security update for varnish (moderate)

openSUSE Security Update: Security update for varnish Announcement ID: openSUSE-SU-2019:2221-1 Rating: moderate References: 1149382 Cross-References: CVE-2019-15892 Affected Products: openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that fixes one vulnerability is now available...

openSUSE Security Update : varnish (openSUSE-2019-2184)

This update for varnish fixes the following issues : Security issue fixed : - CVE-2019-15892: Fixed a potential denial of service by sending crafted HTTP/1 requests boo1149382. Non-security issues fixed : - Updated the package to release 6.2.1. - Added a thread pool watchdog which will restart th...

Attacking the VM Worker Process

In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. W...

Attacking the VM Worker Process

In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. W...

Nginx 1.15.x < 1.15.6 Multiple Vulnerabilties

According to its Server response header, the installed version of nginx is 1.x prior to 1.14.1 or 1.15.x prior to 1.15.6. It is, therefore, affected by the following issues : - An unspecified error exists related to the module 'ngxhttpv2module' that allows excessive memory usage. CVE-2018-16843 -...