16 matches found
CVE-2020-18658
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php...
CVE-2019-18658
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via...
CVE-2018-18658
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue...
CVE-2022-42389
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2022-42389
PDF-XChange Editor contains a vulnerability in U3D file parsing where crafted data can trigger a read past the end of an allocated buffer, allowing remote disclosure of sensitive information. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and, in co...
openSUSE: Security Advisory for helm-mirror (SUSE-SU-2022:1888-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:1888-1)
The remote host is missing an update for the...
SUSE SLES15 Security Update : helm-mirror (SUSE-SU-2022:1888-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1888-1 advisory. - In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a...
SUSE-SU-2022:1888-1 Security update for helm-mirror
This update for helm-mirror fixes the following issues: - Updated to version 0.3.1: - CVE-2019-18658: Fixed a potential symbolic link issue in helm that could be used to leak sensitive files (bsc#1156646)...
CVE-2020-18658
CVE-2020-18658 is a cross-site scripting vulnerability in GetSimpleCMS, affecting versions ≤ 3.3.15. The XSS is triggered via the timezone parameter in settings.php, allowing an attacker to inject malicious script. Connected sources also reference that GetSimple CMS versions earlier than 3.3.16 a...
CVE-2019-18658
creationtimestamp | type | source
---|---|---
2020-04-29 10:20:31+00:00 | seen | https://t.me/k8security/40
2024-02-11 11:36:48+00:00 | seen | https://t.me/ctinow/182755...
CVE-2017-18658
Samsung mobile devices running M(6.0) software are affected by CVE-2017-18658 via the multiwindow_facade API. The vulnerability allows an attacker to cause a NullPointerException and system halt by attempting a screen touch on a non-existing display. Affected component and root cause are noted as...
CVE-2019-18658
The CVE-2019-18658 issue concerns Helm 2.x before 2.15.2, where commands loading a chart as a directory or packaging could be exploited by a malicious chart to leak sensitive content (e.g., /etc/passwd) or trigger DoS via symlinks to files like /dev/urandom. It is described as a client‑side issue...
Product update: Virtuozzo Infrastructure Platform 2.5 Update 5 (2.5.0-1639)
This update provides a new feature as well as stability and usability fixes. Vulnerability id: VSTOR-20558 The same data path ID was assigned to VLAN interfaces in OVS bridges. Vulnerability id: VSTOR-20913 Unable to update storage license. Vulnerability id: VSTOR-21089 Under certain circumstance...
CVE-2018-18658
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue...
CVE-2018-18658
Arcserve UDP up to and including 6.5 Update 4 is affected by an unauthenticated information disclosure via the file path /UDPUpdates/Config/FullUpdateSettings.xml (DDI-VRT-2018-20). This CVE (CVE-2018-18658) enables an unauthenticated disclosure of sensitive information in the affected deploymen...