31 matches found
CVE-2020-35488
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service daemon crash via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslo...
Design/Logic Flaw
voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuratio...
Linux: Read /etc/login.defs (KB)
The /etc/login.defs file defines the site-specific configuration for the shadow password suite. This file is required. Absence of this file will not prevent system operation, but will probably result in undesirable operation. Note: This script only stores information for other Policy Controls...
Arbitrary File Read Vulnerability in Specific Configurations of phpMyAdmin
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. An arbitrary file read vulnerability exists in a...
CVE-2018-9531
In AudioSpecificConfigParse of tpdecasc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android...
Unsafe deserialization in confire
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...
Input validation
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...
CVE-2017-16763
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...
CVE-2017-1519
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829...
IBM DB2 Denial of Service Vulnerability (CNVD-2017-33609)
IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM DB2 versions 10.5 and 11.1. A remote attacker could...
DSA-2411-1 mumble - information disclosure
Bulletin has no description...