Information disclosure
On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem...
CVE-2018-0057 Junos OS: authd allows assignment of IP address requested by DHCP subscriber logging in with Option 50 (Requested IP Address)
On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem...
Node.js: Pull Request #12949 - Security Implications without CVE assignment
Summary: Pull Request 12949 has security implications but it was not assigned a CVE by the Node team. It is being reported by Qualys as a 6.8 severity issue without a CVE. Description: Here is the commit and pull request - https://github.com/nodejs/node/commit/010f864426...
CVE-2018-1353
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment to read the interface settings of vdoms unrelated to the assigned adom...
Information disclosure
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment to read the interface settings of vdoms unrelated to the assigned adom...
FortiManager allows unauthorized viewing of vdoms settings by any adom standard users
A standard user with adom assignment can read the interface settings of vdoms unrelated to his/her adom...
Input validation
foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action...
CVE-2017-7535
foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action...
CVE-2017-7535
Foreman prior to version 1.16.0 is vulnerable to a stored XSS in the organizations/locations assignment to hosts. Exploitation requires a user to assign hosts to an organization whose name contains HTML, which is visible to the user before action is taken. The CVE is documented across multiple so...
WEM 4.5 - Users are not Getting Desktop Icons Assigned from WEM
Users are not getting Desktop icons assigned from WEM. Icons should be copied to the user's Desktop from a shared folder as per Action/Assignment configured from WEM server...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none...
Mercurial has Incorrect Permission Assignment for Critical Resource
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...
The vulnerability of Qualcomm Multimode Call Processing Services in the Android operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of Qualcomm Multimode Call Processing Services in the Android operating system is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
Dialogic PowerMedia XMS Privilege Assignment Vulnerability
Dialogic PowerMedia XMS is a suite of software multimedia servers for real-time communications from Dialogic, Inc. that provide real-time multimedia communication solutions for IMS, MRF, enterprise and WebRTC applications. A privilege assignment vulnerability in Dialogic PowerMedia XMS 3.5 and...
CVE-2018-11642
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user...
Code injection
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user...
CVE-2018-11642
CVE-2018-11642 affects Dialogic PowerMedia XMS (3.5 and earlier). The flaw is an incorrect privilege assignment in the /var/www/xms/cleanzip.sh shell script that runs periodically, enabling a local attacker to execute code with root privileges. Connected documents corroborate the local-privation ...
TP-Link TL-WR841N V13 Cross Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications. Vulnerability: Cross-Site Request Forgery. Affected Software: TP-Link TL-WR841N v13. Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n. Patched Version: None. Overview: The web interface of the router is vulnerable to CSRF. An...