8565 matches found
CVE-2018-1296
In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent...
The vulnerability of the adduser utility in the Astra Linux operating system, which allows a hacker to trigger a service failure.
The vulnerability of the adduser utility in the Astra Linux operating system is related to an error in assigning mandatory integrity attributes, which prevents access to the user’s home directory. When creating a user, a level of integrity other than 0 was set for their home directory. Exploiting...
CVE-2018-20757
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name...
A vulnerability in the dijit.Editor text editor module of the Dojo Toolkit, a library that simplifies the development of JavaScript- or AJAX-based applications and websites. This vulnerability allows attackers to perform cross-site scripting attacks.
The vulnerability of dijit.Editor, a text editor that is part of the modular library for simplifying the development of JavaScript- or AJAX-based applications and Dojo Toolkit websites, is related to the unsafe use of the onload attribute for SVG elements. Exploiting this vulnerability could allo...
Wireshark 2.6.x < 2.6.3 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.6.3. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.6.3 advisory. - In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could...
XSS vulnerability that affects bootstrap
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute...
Bootstrap Cross-site Scripting vulnerability
In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info...
MGASA-2019-0036 Updated aria2 package fixes security vulnerability
It was observed that URLs downloaded with the "--log=" attribute store sensitive information. This update fixes that...
Denial Of Service (DoS)
bind is vulnerable to denial of service. A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioni...
Cross-site Scripting (XSS)
python-django-horizon is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the descriptio...
Information Disclosure
IcedTea-Web plug-in is vulnerable to information disclosure. The application incorrectly uses the same class loader instance for applets with the same value of the codebase attribute even if they originated from different domains. An attacker is able to create a malicious applet to exploit the...
Denial Of Service (DoS)
samba is vulnerable to denial of service. An integer overflow vulnerability allows an attacker to send a malicious Extended Attribute (EA) list to cause the server to utilize an excessive amount of memory to loop and reprocess the list, potentially crashing the process...
Bootstrap Cross-Site Scripting Vulnerability (CNVD-2019-23272)
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A cross-site scripting vulnerability in the data-target attribute in Bootstrap version 3.x before 3.4.0 and version 4.x-beta before 4.0.0-beta.2 can be exploited by remote attackers to inject arbitrary...
Detecting Insecure Cookies with Qualys Web Application Scanning
Cookies are ubiquitous in today's modern web applications. If an attacker can acquire a user's session cookie by exploiting a cross-site scripting (XSS) vulnerability, by sniffing an unencrypted HTTP connection, or by some other means, then they can potentially hijack a user's valid session...
CVE-2019-5892
bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via...
Code injection
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
CVE-2016-10735
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...