Description: A kernel use-after-free vulnerability was identified in the XFRM netlink subsystem.There is an out-of-bounds array access in __xfrm_policy_unlink, which causes denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. This vulnerability also leads to local privilege escalation.This issue was assigned under CVE-2019-15666. For more details about the vulnerability please visit here. Affected Products: … Continue reading “Linux Kernel Use-After-Free Vulnerability”
Author: Vivek Chanchal
PhpUnit Remote Command Execution Vulnerability
Summary: PHPUnit is widely used testing framework for PHP. A remote code execution vulnerability was discovered in Util/PHP/eval-stdin.php in that allows remote attackers to execute arbitrary PHP code. This issue was assigned under CVE-2017-9841. Affected Versions: PHPUnit versions from 4.8.19 before 4.8.28 and from 5.0.10 before 5.6.3 Description: CVE-2017-9841 is a code execution vulnerability in … Continue reading “PhpUnit Remote Command Execution Vulnerability”
Mozilla Firefox And Firefox ESR Type Confusion Vulnerability
Summary: Mozilla Firefox and Firefox Extended Support Release (ESR) suffer from Type Confusion Vulnerability which could allow for arbitrary code execution. Depending on the privileges of the user, an attacker could install, view, change, or delete data, or create new accounts with full user rights. This issue was assigned under CVE-2019-17026. Description: Recently a Type … Continue reading “Mozilla Firefox And Firefox ESR Type Confusion Vulnerability”
Intel Processors CacheOut Vulnerability
Summary: Intel(R) Processors suffer from information disclosure vulnerability via Cache Evictions named as CacheOut Vulnerability. An issue was discovered in Intel processors due to Cleanup errors in some data cache evictions that allow an authenticated user to potentially enable information disclosure via local access. This was assigned under CVE-2020-0549. Description: Recently, researchers have discovered vulnerability … Continue reading “Intel Processors CacheOut Vulnerability”
Linear eMerge E3 Multiple Security Vulnerabilities
Nortek has announced a critical vulnerabilities in Linear eMerge E3-Series. The vulnerabilities exists because the affected product fails to sanitize HTTP request parameter values, which can be used to construct a shell commands. This allows an attacker to execute arbitrary commands on the affected system as a root. Below CVE id’s has been assigned to … Continue reading “Linear eMerge E3 Multiple Security Vulnerabilities”
OpenBSD OpenSMTPD Remote Command Execution Vulnerability (CVE-2020-7247)
Summary: Recently there was a discovery of vulnerabaility tracked as (CVE-2020-7247) in OpenSMTPD, OpenBSD’s mail server. This vulnerability was exploitable since May 2018 (commit a8e222352f, “switch smtpd to new grammar”) that allows an attacker to execute arbitrary shell commands, as root: >> either locally, in OpenSMTPD’s default configuration (that listens on loopback interface and only … Continue reading “OpenBSD OpenSMTPD Remote Command Execution Vulnerability (CVE-2020-7247)”
SUDO Security Policy Bypass Vulnerability
Sudo is one of the most important and widely used core command that allows a permitted user to execute a command as the superuser or with other user privileges. It is basically used to allow unprivileged users to execute commands as root. Summary: The vulnerability found in sudo security policy bypass issue that could allow … Continue reading “SUDO Security Policy Bypass Vulnerability”
Atlassian Jira Server SSRF Vulnerability
Atlassian Jira Server is vulnerable to Server Side Request Forgery (SSRF). The vulnerability affects Jira Core and Jira Software versions 7.6.0 prior to 8.4.0. CVE 2019–8451 has been assigned to track this vulnerability. Thousands of Jira Servers are potentially affected by this vulnerability. Vulnerability Details: The vulnerability was found in the Atlassian Jira /plugins/servlet/gadgets/makeRequest resource … Continue reading “Atlassian Jira Server SSRF Vulnerability”