112 matches found
CVE-2022-0486 Privileged Command Injection Vulnerability in Fidelis Network and Deception
Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is...
CVE-2022-0486
CVE-2022-0486 affects Fidelis Network and Deception components (CommandPost, Collector, Sensor, Sandbox) where improper file permissions allow a locally privileged attacker to modify affected files and escalate to root. Affected versions are Fidelis Network and Deception prior to 9.4.5; patches/u...
Mageia: Security Advisory (MGASA-2017-0486)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2018-0486)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-0486
CVE-2021-0486 concerns Android 10–11 where, in the PermissionManagerService.java more precisely in onPackageAddedInternal, there is a permissions bypass that allows possible access to external storage. The root cause is a local-elevation-of-privilege path that does not require user interaction. T...
CVE-2021-0486
In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
SUSE: Security Advisory (SUSE-SU-2018:0720-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP6 (RHSA-2021:0486)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0486 advisory. This release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages that are part of the JBoss Core Services offering. This release serves as...
CVE-2020-0486
CVE-2020-0486 affects Android 11 (ContactsProvider2.java) via openAssetFileListener, where an insecure default value enables a permission bypass. This can allow local escalation of privilege to modify contact data with no additional execution privileges and no user interaction. The issue is ackno...
RHEL 8 : freetype (RHSA-2020:4949)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4949 advisory. FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs...
Security Bulletin: April 2015 Java Platform Standard Edition Vulnerabilities in Multiple N series Products
Summary Multiple N series products incorporate the Oracle Java Platform, Standard Edition Java SE software libraries. Java SE JDK and JRE versions below 8u45, 7u79 and 6u95 and OpenJDK versions below 1.7.0.79 are susceptible to multiple vulnerabilities, potentially leading to an unauthorized...
CVE-2014-0486
Knot DNS allows remote DoS via a crafted DNS message in versions before 1.5.2, causing application crash. The issue affects Knot DNS when processing DNS messages; no remediation or mitigation details are provided in the supplied documents.
SUSE SLES12 Security Update : xmltooling (SUSE-SU-2018:0140-1)
This update for xmltooling fixes the following issues : - CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD bsc1075975 Note that...
Design/Logic Flaw
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this...
SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0486-1)
This update for ImageMagick fixes the following issues : - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service memory leak via a crafted file. bsc1042824 - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick...
openSUSE Security Update : xmltooling (openSUSE-2018-65)
This update for xmltooling fixes the following issues : - CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD bsc1075975 This upda...
openSUSE: Security Advisory for xmltooling (openSUSE-SU-2018:0158-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Shibboleth 2 XML Injection
Advisory: Truncation of SAML Attributes in Shibboleth 2 RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may truncate attribute values without breaking the...
CVE-2018-0486
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD...
DEBIAN-CVE-2018-0486
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD...