Irssi Scroll Buffer Expired Hidden Lines Use-After-Free Vulnerability

A vulnerability in Irssi could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a use-after-free condition that could occur when the affected software expires hidden lines from the scroll buffer. An attacker could exploit this vulnerability by sending a request that …

FasterXML jackson-databind axis2-transport-jms Class Blocking Vulnerability

A vulnerability in the FasterXML jackson-databind library could allow an unauthenticated, remote attacker to perform unauthorized actions on a targeted system. The vulnerability exists because the affected software fails to block the axis2-transport-jms class from polymorphic deserialization. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. …

FasterXML jackson-databind jboss-common-core Class Blocking Vulnerability

A vulnerability in the FasterXML jackson-databind library could allow an unauthenticated, remote attacker to perform unauthorized actions on a targeted system. The vulnerability exists because the affected software fails to block the jboss-common-core class from polymorphic deserialization. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. …

FasterXML jackson-databind openjpa Class Blocking Vulnerability

A vulnerability in the FasterXML jackson-databind library could allow an unauthenticated, remote attacker to perform unauthorized actions on a targeted system. The vulnerability exists because the affected software fails to block the openjpa class from polymorphic deserialization. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. …

FasterXML jackson-databind axis2-jaxws Class Server-Side Request Forgery Vulnerability

A vulnerability in the FasterXML jackson-databind library could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks on a targeted system. The vulnerability exists because the affected software fails to block the axis2-jaxws class from polymorphic deserialization. An attacker could exploit this vulnerability by sending a request that submits malicious input to …

Docker Engine Large Integer Denial of Service Vulnerability

A vulnerability in Docker Engine could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to an excessive memory consumption condition in the affected system. An attacker could exploit this vulnerability by submitting large integers in the --cpuset-mems or --cpuset-cpus value on the …

systemd systemd-journald Journal Socket Entries Code Execution Vulnerability

A vulnerability in systemd could allow a local attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a stack-based buffer overflow condition in the systemd-journald system daemon of the affected software when a large number of entries are sent to the journal …

systemd systemd-journald Long Command Line Argument Privilege Escalation Vulnerability

A vulnerability in systemd could allow a local attacker to gain elevated privileges on a targeted system and execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to a stack-based buffer overflow condition in the systemd-journald system daemon of the affected software. An attacker could exploit this vulnerability by …

systemd systemd-journald Log Message Parsing Local Information Disclosure Vulnerability

A vulnerability in systemd could allow a local attacker to access sensitive information on a targeted system. The vulnerability is due to an out-of-bounds read condition in the systemd-journald system daemon of the affected software. An attacker could exploit this vulnerability by parsing a crafted log message on the targeted system. A successful exploit …

Jenkins Form Submissions Processing Information Disclosure Vulnerability

A vulnerability in Jenkins could allow a local attacker to access sensitive information on a targeted system. The vulnerability exists due to an internal error that could cause the affected software to fail to process form submissions. An attacker could exploit this vulnerability to view the error message, which may include the serialized JavaScript Object …

VXFIBER Appoints Steven Drake to Help UK FTTP Broadband Rollout

Swedish fibre optic builder VXFIBER, which is working to deploy a new 1Gbps open access FTTP broadband ISP network in Stoke-on-Trent (here), has appointed Steven Drake as its Senior Project Manager for the Midlands and North of England to help with their UK expansion plans. Steven previously worked at T-Systems, where he held positions as …

Cisco targets mobile enterprise apps with geolocation technology

Cisco is rolling out a cloud-based geolocation package it expects will help customers grow mobile location services and integrate data from those services into enterprise analytics and business applications. The package, called DNA Spaces, is comprised of Cisco’s Connected Mobile Experience (CMX) wireless suite and enterprise geolocation technology purchased from July Systems. Cisco CMX is …

Bootstrap Data-Target Attribute Cross-Site Scripting Vulnerability

A vulnerability in Bootstrap could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. The vulnerability exists in the data-target attribute of the affected software and is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a targeted user to follow a …

Wireshark EtherNet/IP Dissector Denial of Service Vulnerability

A vulnerability in the EtherNet/IP (ENIP) protocol dissector component of Wireshark could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to insufficient validation of user-supplied input processed by the affected software. An attacker could exploit this vulnerability by injecting a malformed packet …
