Vulnerability & Exploit Database


ISC BIND: A rarely-used feature in BIND has a flaw which can cause named to exit with an INSIST assertion failure. (CVE-2018-5740) Vulnerability

  • Severity: 4
  • Published: August 10, 2018

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an INSIST assertion failure...

Amazon Linux AMI: CVE-2018-5391: Security patch for kernel (ALAS-2018-1058) Vulnerability

  • Severity: 4
  • Published: August 10, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ALAS-2018-1058:

Fixes for L1 Terminal Fault security issues:

L1 Terminal Fault-OS/SMM: Systems with microprocessors utilizing speculative execu...

Amazon Linux AMI: CVE-2018-3646: Security patch for kernel (ALAS-2018-1058) Vulnerability

  • Severity: 5
  • Published: August 10, 2018

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Amazon Linux AMI: CVE-2018-3620: Security patch for kernel (ALAS-2018-1058) Vulnerability

  • Severity: 5
  • Published: August 10, 2018

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

Debian: CVE-2018-10925: postgresql-9.6 -- security update Vulnerability

  • Severity: 4
  • Published: August 09, 2018

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "IN...

Debian: CVE-2018-10915: postgresql-9.6 -- security update Vulnerability

  • Severity: 4
  • Published: August 09, 2018

A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain acces...

HP iLO: CVE-2018-7093: Denial of Service Vulnerability

  • Severity: 4
  • Published: August 08, 2018

A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service.