Authentication flaw
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web...
CVE-2018-7067
Aruba ClearPass Policy Manager vulnerability CVE-2018-7067 is an authentication bypass in the administrative API that can lead to complete cluster compromise. A remote attacker who can reach the admin web interface via the API can bypass authentication and take control of the entire ClearPass clu...
CVE-2018-7067
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web...
Virtuozzo 6 : freeradius / freeradius-krb5 / freeradius-ldap / etc (VZLSA-2017-1759)
An update for freeradius is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
SUSE SLES11 Security Update : salt (SUSE-SU-2018:3813-1)
This update for salt fixes the following issues: Salt was updated to version 2016.11.10 and contains the following fixes: Security issues fixed: CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi)...
CVE-2018-19437
CVE-2018-19437 affects UCMS 1.4.7. The vulnerability allows remote authenticated users to change the administrator password via cookie-based authentication: $_COOKIE['admin_'.cookiehash] can be set to arbitrary non-empty values. This is the root cause and leads to admin access compromise. CVSS det...
SUSE-SU-2018:3811-1 Security update for SUSE Manager Server 3.1
This update includes the following new features: - Add support for postgresql 10 (fate#325659) This update fixes the following issues: py26-compat-salt: - Update Salt version to 2016.11.10 - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). - CVE-2018-15751: Fixed remot...
CVE-2018-0686
Denbun by NEOJAPAN Inc. Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier allows remote authenticated attackers to upload and execute any executable files via unspecified vectors...
CVE-2018-15709
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request...
CVE-2018-19110
The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization chec...
CVE-2018-19109
CVE-2018-19109 affects Tianti 2.3. A remote authenticated user can bypass intended permission restrictions by directly visiting the admin path tianti-module-admin/cms/column/list to read the column list page or edit a column. The available connected sources consistently describe a privilege-restr...
glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message
A buffer overflow on the heap was found in the gf_getspec_req RPC request. A remote, authenticated attacker could use this flaw to cause denial of service and read arbitrary files on glusterfs server node...
glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service
A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service...
CVE-2018-14652
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of...
CVE-2018-15751
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi)...
UBUNTU-CVE-2018-15751
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi)...
CVE-2018-12669
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/param.cgi...
CVE-2018-0059 ScreenOS: Stored Cross-Site Scripting (XSS) vulnerability
A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...
CVE-2018-17341
BigTree 4.2.23 on Windows is affected. When Advanced or Simple Rewrite routing is enabled, authentication can be bypassed via a ..\ substring in the URL (example: launch.php?bigtree_htaccess_url=admin/images/..). This is a remote-auth bypass vulnerability described across NVD, Red Hat, OSV, CVE d...