6727 matches found
MGASA-2019-0102 Updated libreoffice packages fix security vulnerability
Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document (CVE-2018-16858). The libreoffice package has been updated to version 6.1.5.2, fixing this issue, and including several other bug fixes and...
CloudBees Jenkins Script Security Plugin Sandbox Bypass Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from CloudBees, a United States company. The product is mainly used to monitor continuous software release/testing projects and to run some scheduled tasks. A sandbox bypass vulnerabilit...
Multiple Cross-Site Scripting Vulnerabilities in Ericsson Active Library Explorer
Ericsson Active Library Explorer is server-based software that allows users to browse Ericsson document libraries and documents using a standard Web browser. Ericsson Active Library Explorer has multiple cross-site scripting vulnerabilities. Due to the program failing to adequately filter...
Cisco HyperFlex Cross-Site Scripting Vulnerability
Cisco HyperFlex Software is a scalable distributed file system from Cisco, a United States company. The system provides unified computing, storage and networking through cloud management, and provides enterprise-class data management and optimization services. A cross-site scripting...
prometheus: Stored DOM cross-site scripting (XSS) attack via crafted URL
A stored, DOM-based cross-site scripting (XSS) flaw was found in Prometheus. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...
Microsoft Team Foundation Server Cross-Site Scripting Vulnerability (CNVD-2019-24386)
Microsoft Team Foundation Server is a source code management, project management, and team collaboration platform within an application lifecycle management (ALM) tool suite. A cross-site scripting vulnerability in Microsoft Team Foundation Server 2018 Update version 3.2, which stems from the progr...
SAP Web Intelligence BI LaunchPad Cross-Site Scripting Vulnerability
SAP Web Intelligence BI LaunchPad is a Java- or HTML-based user interface for use in BusinessObjects tools from SAP, Germany. The product is mainly used to perform analytical reporting and data analysis. A cross-site scripting vulnerability in SAP Web Intelligence BI LaunchPad versions 4.10 and...
CVE-2019-3923
Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2019-04919)
Cisco Firepower Management Center is a Cisco device management application. A cross-site scripting vulnerability exists in the web-based management interface in Cisco FMC, which arises from a program that fails to adequately validate user-submitted input, and can be exploited by a remote attacker...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2019-16512)
Cisco Identity Services Engine (ISE) is an identity-based environment awareness platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A cross-site scripting...
Fedora 28 : 1:libreoffice (2019-cf9ddf9fff)
CVE-2018-16858: Directory traversal flaw in script execution. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additiona...
UBUNTU-CVE-2019-7352
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code...
Design/Logic Flaw
LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash...
Cross-site Scripting Vulnerability in Hitachi Device Manager
Overview: A Cross-site Scripting Vulnerability was found in Hitachi Device Manager. Impact: Remote users can exploit this vulnerability to execute malicious scripts. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Microsoft Team Foundation Server Cross-Site Scripting Vulnerability (CNVD-2019-24387)
Microsoft Team Foundation Server is a source code management, project management and team collaboration platform within the Application Lifecycle Management (ALM) suite of tools from Microsoft. The platform helps teams collaborate more flexibly and effectively and deliver high-quality software more...
Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability
Cisco TelePresence is a telepresence conferencing solution developed by Cisco. A cross-site scripting vulnerability exists in the web-based management interface in Cisco TelePresence Management Suite (TMS), which can be exploited by a remote attacker with the help of a specially crafted link to...
CVE-2018-0665
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be...
Design/Logic Flaw
HTTP header injection vulnerability in SEIKO EPSON printers and scanners DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to...
CVE-2018-0665
CVE-2018-0665 affects Yamaha routers RT57i (≤8.00.95), RT58i (≤9.01.51), NVR500 (≤11.00.36), and RTX810 (≤11.01.31). The vulnerability allows an administrative user to embed arbitrary scripts into a configuration form field, which may be executed in another administrative user’s web browser. This...
CVE-2018-6110
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page...