CVE-2018-19879
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R31.04.89 before R00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login...
CVE-2023-34311
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit ...
CVE-2023-34311 Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit ...
CVE-2023-34311
The CVE-2023-34311 entry documents a vulnerability in Ashlar-Vellum Cobalt, where the untrusted pointer dereference occurs during parsing of CO files. The root cause is improper validation of a user-supplied value before dereferencing it as a pointer, enabling arbitrary code execution in the proc...
CVE-2020-19879
DBHcms v1.2.0 is vulnerable to stored cross-site scripting (XSS) due to a lack of input filtering on $_GET['dbhcms_pid'] in dbhcms\page.php (line 107). CVE-2020-19879 has CVSS v2 base 4.3 (NETWORK, MEDIUM) and CVSS v3.1 base 6.1 (NETWORK, MEDIUM) with user interaction required. Exploitation detai...
CVE-2019-19879
HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. Fixed in 0.10.2...
CVE-2019-19879
HashiCorp Sentinel up to 0.10.1 contains a flaw where negation in certain policy expressions is parsed incorrectly. The issue has been fixed in version 0.10.2. Affected component: Sentinel policy evaluation/parsing; root cause: incorrect handling of negation in expressions. Impact details are lim...
CVE-2018-19879
CVE-2018-19879 affects Teltonika RTU9XX (e.g., RUT950) devices running firmware before R_00.05.00.5, with /cgi-bin/luci authentication not protected from automated login attempts. An anonymous attacker can perform unlimited login attempts, enabling potential password cracking of targeted users. ...
openSUSE Security Update : glibc (openSUSE-2016-699)
This update for glibc fixes the following issues:
- glob-altdirfunc.patch: Do not copy d_name field of struct dirent CVE-2016-1234, boo969727, BZ 19779
- nss-dns-memleak-2.patch: fix memory leak in _nss_dns_gethostbyname4_r boo973010
- nss-dns-getnetbyname.patch: fix stack overflow in...