CVE-2017-2600

In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes SECURITY-343...

CVE-2017-2600

In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes SECURITY-343...

CVE-2017-2600

In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes SECURITY-343...

CVE-2018-3661

Buffer overflow in Intel system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service...

CVE-2018-3661

CVE-2018-3661 is a buffer overflow vulnerability in Intel system Configuration utilities selview.exe and syscfg.exe prior to version 14 build 11 that allows a local attacker to crash the affected services, potentially causing a denial of service. Multiple connected sources corroborate the same is...

Buffer Overflow in System Configuration Utilities

Summary: Buffer overflow in Intel® system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service. 5.5 Medium CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: Versions of...

[SECURITY] Fedora 28 Update: setup-2.11.4-1.fc28

The setup package contains a set of important system configuration and setup files, such as passwd, group, and profile...

Arbitrary File Download Vulnerability in CLTPHP Version 5.5.3

CLTPHP is a content management system based on ThinkPHP5 development with Layui framework in the backend. CLTPHP 5.5.3 version exists arbitrary file download vulnerability, an attacker can exploit the vulnerability to construct parameters to download arbitrary server files, such as script code,...

CVE-2018-2373

Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0...

CVE-2018-2373

Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0...

CVE-2018-2373

Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0...

Node.js third-party modules: [lactate] Static Web Server Directory Traversal via Crafted GET Request

Hi @vdeturckheim, A crafted GET request can be leveraged to traverse the directory structure of a host using the lactate web server package, and request arbitrary files outside of the specified web root. Module specification Name: lactate Version: 0.13.12 latest release build Verified conditions...

Node.js third-party modules: [featurebook] Specification Server Directory Traversal via Crafted Browser Request

Hi, A crafted request can be leveraged to traverse the directory structure of a host using the featurebook server package, and request arbitrary files outside of the specified web root. Module specification Name: featurebook Version: 0.0.32 latest release build Verified conditions Test server:...

iProtect Server Default Credentials (SSH)

The remote iProtect server is using known default credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

dayrui FineCms v5/config/system.php File Upload Vulnerability

dayrui FineCms is China Tianrui dayrui program design team released a set of content management system CMS using MVC architecture and PDO database interface development. An upload vulnerability exists in the v5/config/system.php file in dayrui FineCms version 5.2.0, which is caused by the program...

ZTE ZXR10 Router < 3.00.40 Multiple Vulnerabilities

ZTE ZXR10 Router devices have a backdoor account with hardcoded credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 26 Update: systemd-233-7.fc26

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

CVE-2017-6157

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an...

Command injection

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an...

CVE-2017-6157

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an...