RSS   Vulnerabilities for
'Active iq performance analytics services'
   RSS

2019-03-25
 
CVE-2019-7612

CWE-255
 

 
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.

 
2019-03-23
 
CVE-2019-9948

CWE-254
 

 
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

 
2019-03-21
 
CVE-2019-7222

CWE-200
 

 
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

 
 
CVE-2019-7221

CWE-416
 

 
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

 
 
CVE-2019-6454

CWE-119
 

 
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

 
 
CVE-2018-19985

CWE-125
 

 
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.

 
2019-01-14
 
CVE-2018-16888

CWE-264
 

 
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.

 
2019-01-11
 
CVE-2018-16866

CWE-125
 

 
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

 
2019-01-07
 
CVE-2019-5489

CWE-200
 

 
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

 
2018-12-13
 
CVE-2018-19039

CWE-200
 

 
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.

 


Copyright 2019, cxsecurity.com

 

Back to Top