510 matches found
UBUNTU-CVE-2019-11356
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...
CVE-2019-8351
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate...
CloudBees Jenkins Token Macro Plugin Multiple Denial of Service Vulnerabilities
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Token Macro Plugin is used in one of the...
Intel System Support Utility for Windows Elevation of Privilege Vulnerability
Intel System Support Utility for Windows is a Windows platform-based system support utility from Intel USA. The program is mainly used to identify the hardware model, operating system version and software installed on the computer. A security vulnerability exists in versions of Intel System Suppo...
PT-2018-15295 · Eclipse · Rdf4J
Name of the Vulnerable Software and Affected Versions: RDF4J versions 2.4.2 through 2.4.2 RDF4J versions prior to 2.5.0 Description: The issue allows Directory Traversal via ../ in an entry in a ZIP archive. Recommendations: For RDF4J version 2.4.2, update to version 2.5.0 or later. For RDF4J...
PT-2018-2518
Name of the Vulnerable Software and Affected Versions Ansible versions prior to 2.5.14 Ansible versions prior to 2.6.11 Ansible versions prior to 2.7.5 Description The issue is related to a information disclosure flaw in vvv+ mode when no log is on, which can lead to the leakage of sensitive data...
Cross-Site Request Forgery Vulnerability in Joomla!
Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. A cross-site request forgery vulnerability exists in cominstaller in Joomla! versions 2.5.0 through 3.8.12. A remote attacker can exploit this...
Red Hat Libvirt Denial of Service Vulnerability (CNVD-2018-16495)
Red Hat libvirt is a Linux API for implementing Linux virtualization features from Red Hat, Inc. It supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtual products for other operating systems. A security vulnerability exists in Red Hat Libvirt versions...
Code Execution Vulnerability in PESCMSDOC Document Management System
PESCMS DOC is a document system based on PESCMS 2.5. PESCMSDOC document management system code execution vulnerability, an attacker can use the vulnerability to execute remote code...
Dicoogle PACS File Inclusion Vulnerability
Dicoogle is an open source medical image repository with a scalable indexing system and distributed mechanism. A file inclusion vulnerability exists in Dicoogle PACS version 2.5.0 that allows an attacker to read arbitrary files accessible to web users...
ALPINE-CVE-2018-10855
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...
radare2 denial of service vulnerability (CNVD-2018-12201)
Radare2 is a complete framework for reverse engineering and analyzing binaries, consisting of a series of small utilities that can be used together or independently of the command line. A denial of service vulnerability exists in the rreadle32 function in radare2 2.5.0. A remote attacker can...
CVE-2018-5226
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the...
GnuPG Security Bypass Vulnerability
GnuPG GNU Privacy Guard is a suite of open source encryption software developed by the GNU Project under the GNU General Public License. The software supports public key, symmetric encryption, hashing and other algorithms. A security vulnerability exists in GnuPG version 2.2.4 and 2.2.5, which...
CVE-2018-1238
Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent LIA. This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge...
IBM Tivoli Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2018-01133)
IBM Tivoli Key Lifecycle Manager enables you to locally create, distribute, back up, archive and manage the lifecycle of keys and certificates in your organization. IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages. An attacker can use this...
CVE-2017-1665
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559...
Leanote Cross-Site Scripting Vulnerability
Leanote is an open source notepad application. A cross-site scripting vulnerability exists in Leanote 2.5 and earlier versions, which stems from the program failing to filter input in markdown comments. A remote attacker can use this vulnerability to inject arbitrary web script or HTML...
Mozilla: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 (MFSA 2017-25)
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird...
nodejs ejs cross-site scripting vulnerability
nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A cross-site scripting vulnerability exists in the 'ejs.renderFile' function in versions of nodejs ejs prior to 2.5.5. A remote attacker can exploit the vulnerability to inject code...