3930 matches found

BDU FSTEC
added 2019/04/17 12:0 a.m. | 1 view

The vulnerability of the Certificate Management Server component in the Network Security Services library allows a perpetrator to trigger a service failure.

The vulnerability of the Certificate Management Server (CMS) component in the NSS library set is related to pointer assignment errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 7.8 | AI score 6.6 | EPSS 0.00434
Exploits: 0 | References: 8 | Affected Software: 6

UbuntuCve
added 2019/03/26 6:29 p.m. | 18 views

CVE-2019-3849

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site...

CVSS 8.8 | AI score 6.7 | EPSS 0.00374
Exploits: 0 | References: 4

OSV
added 2019/03/26 6:29 p.m. | 1 view

UBUNTU-CVE-2019-3850

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...

CVSS 6.1 | AI score 6.1 | EPSS 0.00072
Exploits: 0 | References: 5

NVD
added 2019/03/26 6:29 p.m. | 23 views

CVE-2019-3850

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...

CVSS 6.1 | AI score 5.2 | EPSS 0.00072
Exploits: 0 | References: 2

UbuntuCve
added 2019/03/26 6:29 p.m. | 14 views

CVE-2019-3850

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...

CVSS 6.1 | AI score 6.1 | EPSS 0.00072
Exploits: 0 | References: 4

Prion
added 2019/03/26 6:29 p.m. | 16 views

Design/Logic Flaw

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...

CVSS 5.8 | AI score 6.1 | EPSS 0.00072
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/03/26 5:46 p.m. | 54 views

CVE-2019-3850

Moodle prior to 3.6.3, 3.5.5, 3.4.8 and 3.1.17 is affected by CVE-2019-3850. The issue arises because links in assignment submission comments could be opened in the same browser window, and without a no-referrer policy this can be exploited. Affected versions, impact details, and CVSS metrics are...

CVSS 6.1 | AI score 5.4 | EPSS 0.00072
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/03/26 5:46 p.m. | 30 views

CVE-2019-3850

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...

CVSS 4.3 | AI score 5.5 | EPSS 0.00072
Exploits: 0 | References: 2

Zero Day Initiative
added 2019/03/15 12:0 a.m. | 13 views

(0Day) (Pwn2Own) Google Android Contacts Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

CVSS 5.9 | AI score 2.9
Exploits: 0

BDU FSTEC
added 2019/03/12 12:0 a.m. | 2 views

The vulnerability of the fly-admin-autostart utility for configuring automatic startup of programs in the Astra Linux operating system, related to pointer assignment errors, allows a hacker to trigger a service failure.

The vulnerability of the fly-admin-autostart utility for configuring automatic startup of programs in the Astra Linux operating system is related to the lack of checking for the value of a pointer being set to NULL. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.7 | AI score 5.5
Exploits: 0 | References: 1

NVD
added 2019/02/11 3:29 p.m. | 14 views

CVE-2018-12014

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer...

CVSS 7.8 | AI score 7.5 | EPSS 0.00019
Exploits: 0 | References: 2

OSV
added 2019/02/04 9:29 p.m. | 10 views

CVE-2019-1000001

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role...

CVSS 9.8 | AI score 7.3
Exploits: 0 | References: 1

Prion
added 2019/02/04 9:29 p.m. | 8 views

Design/Logic Flaw

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role...

CVSS 5 | AI score 9.6 | EPSS 0.00338
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2019/02/04 9:29 p.m. | 11 views

CVE-2019-1000001

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role...

CVSS 9.8 | AI score 9.7 | EPSS 0.00338
Exploits: 0 | References: 1

Akamai Blog
added 2018/12/31 3:43 p.m. | 17 views

Zero Trust and the Case for Application Microsegmentation

Data breaches have become incessant. Recently, a very popular airline services company revealed a suspected breach involving customer credit card information. Even more recently, a hospital in Indiana reported that a virus had infected some of its systems that caused the hospital to be placed on...

AI score 1.2
Exploits: 0

Github Security Blog
added 2018/11/21 10:24 p.m. | 37 views

Incorrect Permission Assignment for Critical Resource in Apache hive

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not veri...

CVSS 4.3 | AI score 1 | EPSS 0.01404
Exploits: 0 | References: 3 | Affected Software: 3

Xen Project
added 2018/11/20 12:0 p.m. | 272 views

insufficient TLB flushing / improper large page mappings with AMD IOMMUs

ISSUE DESCRIPTION: In order to be certain that no undue access to memory is possible anymore after IOMMU mappings of this memory have been removed, Translation Lookaside Buffers (TLBs) need to be flushed after most changes to such mappings. Xen bypassed certain IOMMU flushes on AMD x86 hardware...

CVSS 7.8 | AI score 1.5 | EPSS 0.00181
Exploits: 0 | Affected Software: 1

UbuntuCve
added 2018/10/22 12:0 a.m. | 22 views

CVE-2018-18585

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name)...

CVSS 4.3 | AI score 6.8 | EPSS 0.01307
Exploits: 1 | References: 6

Prion
added 2018/10/17 8:29 p.m. | 18 views

Authentication flaw

A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The...

CVSS 2.7 | AI score 5.5 | EPSS 0.00116
Exploits: 0 | References: 3 | Affected Software: 1

ICS
added 2018/10/11 12:0 a.m. | 497 views

NUUO CMS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NUUO Equipment: CMS Vulnerabilities: Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Credentials 2. RISK...

CVSS 9.8 | AI score 1.1 | EPSS 0.40733
Exploits: 2 | References: 36