Citrix XenMobile 10.x Multiple Security Updates

Description of Problem A number of security vulnerabilities have been identified in Citrix XenMobile Server. The vulnerabilities have been assigned the following CVE numbers. Affecting XenMobile Server 10.7 and 10.8: CVE-2018-10653 High: XML External Entity XXE Processing Vulnerability in Citrix...

Input validation

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation...

source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation...

PT-2018-10244 · Red Hat · Openshift Enterprise

Name of the Vulnerable Software and Affected Versions: Openshift Enterprise versions 3.x Description: A flaw was found in the source-to-image function, specifically in the improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go, which leads to privilege escalation...

source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation...

source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation...

source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation...

CVE-2018-1102

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. Mitigation Customers can turn off the source-to-image S2I build strategy to prevent access ...

The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary commands.

The vulnerability of the “go get” command in the Go programming language exists due to insufficient validation of input data insufficient checking of the import path when using the “-insecure” option. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a...

CVE-2018-2366

SAP Business Process Automation BPA By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs...

Input validation

SAP Business Process Automation BPA By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs...

CVE-2018-2380

SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs...

CVE-2017-9447

In the web interface of Parallels Remote Application Server RAS 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary...

Node.js third-party modules: [stattic] Inproper path validation leads to Path Traversal and allows to read arbitrary files with any extension(s)

I would like to report Path Traversal in stattic module. It allows to read content of some arbitrary files from the server where stattic is installed and run. Module module name: stattic version: 0.2.3 npm page: https://www.npmjs.com/package/stattic Module Description Ridiculous simple script for...

Arbitrary Code Execution

github.com/golang/go is vulnerable to arbitrary code execution attacks. The library does not properly validate the import path when the -insecure flag is used for the go get command. This allows a malicious user to execute arbitrary commands through the use of a malicious website...

UBUNTU-CVE-2018-7187

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path get/vcs.go only checks for "://" anywhere in the string, which allows remote attackers to execute arbitrary OS commands via a crafted web site...

CVE-2018-1162

This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw...

HPE Intelligent Management Center PLAT Remote Code Execution Vulnerability (CNVD-2018-03951)

HPE Intelligent Management Center iMC PLAT is a suite of network intelligent management center solutions from Hewlett Packard Enterprise HPE. The solution provides network-wide visibility and enables comprehensive management of resources, services and users. A remote code execution vulnerability...

cpio security bypass vulnerability

cpio is a set of file backup tools developed by the GNU Project for use in the UNIX operating system and as a file format. The tool supports depositing and reading files from cpio or tar-formatted archive packages. A security vulnerability exists in cpio 2.7 and later versions, which stems from t...

CVE-2017-16610

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within uploadsavedo.jsp. The issue results from the lack of proper validation of a...