
727 matches found

UbuntuCve
added 2019/04/24 12:0 a.m., 22 views

CVE-2019-6468

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet ECS features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIN...

CVSS 7.5, AI score 6.4, EPSS 0.02539
Exploits: 0, References: 1
OSV
added 2019/04/24 12:0 a.m., 2 views

UBUNTU-CVE-2019-6468

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet ECS features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIN...

CVSS 7.5, AI score 6.4, EPSS 0.02539
Exploits: 0, References: 2
Tenable Nessus
added 2019/03/27 12:0 a.m., 21 views

openSUSE Security Update : pam (openSUSE-2019-971)

This update for pam fixes the following issue : Security issue fixed : - CVE-2018-17953: Fixed IP address and subnet handling of pamaccess.so that was not honoured correctly when a single host was specified bsc1115640. This update was imported from the SUSE:SLE-15:Update update project...

CVSS 9.3, AI score 7.5, EPSS 0.01342
Exploits: 0, References: 2
Citrix
added 2019/02/06 12:0 a.m., 10 views

How to Modify the Subnet IP (SNIP) and NetScaler IP (NSIP) on a NetScaler High Availability Pair

This article describes how to change the Subnet IP SNIP address and NetScaler IP NSIP address for a secondary or primary appliance of a high availability setup. Background You might want to change the SNIP and NSIP on an appliance because of the changes in the network setup or a redundant pair of...

AI score 7
Exploits: 0
NVD
added 2019/02/04 9:29 p.m., 9 views

CVE-2019-1000010

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

CVSS 6.1, AI score 6.1, EPSS 0.00863
Exploits: 1, References: 2
OSV
added 2019/02/04 9:29 p.m., 12 views

CVE-2019-1000010

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

CVSS 6.1, AI score 6
Exploits: 0, References: 2
Prion
added 2019/02/04 9:29 p.m., 19 views

Cross site scripting

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

CVSS 4.3, AI score 6.1, EPSS 0.00863
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2019/02/04 9:0 p.m., 27 views

CVE-2019-1000010

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

AI score 6.6, EPSS 0.00863
Exploits: 1, References: 2
CVE
added 2019/02/04 9:0 p.m., 50 views

CVE-2019-1000010

Summary (CVE-2019-1000010): phpIPAM versions 1.3.2 and earlier contain a Cross Site Scripting (XSS) vulnerability in the subnet-scan-telnet.php component. The issue allows an attacker to craft a link that, when visited by a user, can execute code in the victim’s browser. The vulnerability’s impac...

CVSS 6.1, AI score 6.2, EPSS 0.00863
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2019/01/09 4:29 p.m., 2 views

ALPINE-CVE-2019-5747

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components consumed by the DHCP client, server, and/or relay might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte...

CVSS 7.5, AI score 6.7, EPSS 0.04651
Exploits: 2, References: 1
OSV
added 2019/01/09 12:0 a.m., 3 views

UBUNTU-CVE-2019-5747

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components consumed by the DHCP client, server, and/or relay might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte...

CVSS 7.5, AI score 7.1, EPSS 0.04651
Exploits: 2, References: 3
Cvelist
added 2018/12/19 2:0 p.m., 32 views

CVE-2018-17195

The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle MiTM attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access,...

AI score 7.6, EPSS 0.00713
Exploits: 0, References: 1
Tenable Nessus
added 2018/12/10 12:0 a.m., 20 views

openSUSE Security Update : pam (openSUSE-2018-1511)

This update for pam fixes the following issue : Security issue fixed : - CVE-2018-17953: Fixed IP address and subnet handling of pamaccess.so that was not honoured correctly when a single host was specified bsc1115640. This update was imported from the SUSE:SLE-15:Update update project...

CVSS 9.3, AI score 7.5, EPSS 0.01342
Exploits: 0, References: 2
CNVD
added 2018/11/28 12:0 a.m., 4 views

Micro Focus openSUSE Leap and SUSE Linux Enterprise PAM Access Bypass Vulnerabilities

Micro Focus openSUSE Leap and SUSE Linux Enterprise are both different versions of the Linux operating system from Micro Focus in the U.K. PAM is one of the Pluggable Authentication Modules. An access bypass vulnerability exists in Micro Focus openSUSE Leap version 15.0 and PAM version 1.3.0 in...

CVSS 9.3, AI score 7.5, EPSS 0.01342
Exploits: 0, References: 1
CNVD
added 2018/11/28 12:0 a.m., 3 views

TOTOLINK A3002RU System Command Injection Vulnerability (CNVD-2018-26645)

TOTOLINK A3002RU is a wireless router product from Gion Electronics TOTOLINK. A command injection vulnerability exists in formAliasIp in TOTOLINK A3002RU version 1.0.8. An attacker can exploit this vulnerability to execute system commands with the help of the 'subnet' POST parameter...

CVSS 10, AI score 9.9, EPSS 0.03195
Exploits: 1, References: 1
Cvelist
added 2018/11/27 9:0 p.m., 17 views

CVE-2018-13316

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter...

AI score 9.9, EPSS 0.03195
Exploits: 1, References: 1
ATTACKERKB
added 2018/11/27 8:29 p.m., 1 views

CVE-2018-13316

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter...

CVSS 10, AI score 5.8, EPSS 0.03195
Exploits: 1, References: 2
NVD
added 2018/11/27 8:29 p.m., 19 views

CVE-2018-13316

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter...

CVSS 10, AI score 9.9, EPSS 0.03195
Exploits: 1, References: 1
OSV
added 2018/11/26 11:29 p.m., 2 views

DEBIAN-CVE-2018-14663

An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a...

CVSS 5.9, AI score 6.9, EPSS 0.02477
Exploits: 0, References: 1
OSV
added 2018/11/26 11:29 p.m., 1 views

UBUNTU-CVE-2018-14663

An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a...

CVSS 5.9, AI score 6.5, EPSS 0.02477
Exploits: 0, References: 3