The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each time after completing a TLS connection, causing the program to consume more resources with each new connection.

A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system. This issue affects Avast/Avg Antivirus: 23.8.

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins.

ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this.