CVE-2018-16093

In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file...

CVE-2018-16097

LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate...

Design/Logic Flaw

In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file...

CVE-2018-16093

In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file...

CVE-2018-9072

In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads...

CVE-2018-16093

CVE-2018-16093 affects Lenovo XClarity Integrator for VMware prior to version 5.5. An authenticated user can write to arbitrary system files due to insufficient filtering during backup file uploads. CNVD/NVD entries corroborate this behavior. Remediation: upgrade LXCI for VMware to version 5.5 or...

CVE-2018-16093 LXCI for VMware

In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file...

Information disclosure

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI...

Denial of service

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the...

CVE-2018-15772

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the...

CVE-2018-15772 Dell EMC RecoverPoint Uncontrolled Resource Consumption Vulnerability

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the...

SUSE-SU-2018:3456-1 Security update for xorg-x11-server

This update for xorg-x11-server provides the following fix: Security issue fixed: - CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges bsc1111697 Non security issues fixed: - Do not write past the allocated buffer. bsc107838...

Design/Logic Flaw

A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service DoS condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specifi...

CVE-2018-11048

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 contain a XML External Entity XXE Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to...

CVE-2017-3209

The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides full filesystem...

AMD Driver Installer and Gaming Evolved Product plays.tv Service Write File Vulnerability

AMD driver-installation packages and Gaming Evolved products are both products of AMD, Inc. AMD driver-installation packages are a set of driver installation packages for AMD graphics cards. Gaming Evolved products are game optimization products. plays.tv is one of the game recording and sharing...

Design/Logic Flaw

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate...

Design/Logic Flaw

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sdfile'...

CVE-2018-7235

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sdfile'...

CVE-2018-7235

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sdfile'...