[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 11040 Download | Alert*

The host is installed with Elasticsearch 6.7.x through 6.8.3 and 7.x through 7.3.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in API Key service. Successful exploitation could allow attackers to send a specially crafted request and determine if a username exists in the Elasticsearch native realm.

The host is installed with Elasticsearch 6.7.x through 6.8.3 and 7.x through 7.3.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in API Key service. Successful exploitation could allow attackers to send a specially crafted request and determine if a username exists in the Elasticsearch native realm.

The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.

In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.

An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace"s pid 1, it will result in a hung task, and resources being permanently locked up until system reboo ...

procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel"s proc_pid_readdir returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng"s utilitie ...

The host is installed with rhn-client-tools on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle crafted hostnames. Successful exploitation could allow attackers to prevent registration from taking place properly.

The host is installed with IBM Tivoli Directory Server (TDS) 6.1 before 6.1.0.47 or 6.2 before 6.2.0.22 or 6.3 before 6.3.0.11 and is prone to information disclosure vulnerability. A flaw is present in the application, which is caused by the use of NULL-MD5 and NULL-SHA ciphers in the default Transport Layer Security (TLS) configuration. Successful exploitation allows remote attackers to trigger u ...

The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service , as described in "Secretly Monopolizing the CPU Without Superuser Privileges."


Pages:      Start    1072    1073    1074    1075    1076    1077    1078    1079    1080    1081    1082    1083    1084    1085    ..   1103

© SecPod Technologies