7643 matches found
CVE-2019-6133
In PolicyKit aka polkit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
CVE-2019-6133
CVE-2019-6133 affects PolicyKit (polkit). A local attacker could bypass authentication by exploiting a race during fork() where authorization decisions were cached and not atomically tied to the correct process, due to missing UID checks in polkitbackendinteractiveauthority.c. The issue has been ...
CVE-2019-0088
Insufficient path checking in Intel(R) System Support Utility for Windows before 2.5.0.15 may allow an authenticated user to potentially enable an escalation of privilege via local access...
CVE-2019-0088
Intel System Support Utility for Windows prior to 2.5.0.15 is affected by CVE-2019-0088 due to insufficient path checking, enabling an authenticated user to potentially escalate privileges via local access. The vulnerability is documented across CVE records and Intel’s advisory, which confirms af...
EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-1004)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: Incorrect free logic in pagedevice replacement 699664 CVE-2018-16541 - ghostscript: Incorrect 'restoration of privilege'...
GHSA-QQV6-5W6P-3PGR Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons
An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java...
Fedora 29 : zchunk (2018-7d138cfd7b)
This update does sanity checking when an application passes in a checksum to verify. Before this release, applications could pass in non-hex values for the checksum, which could cause zchunk to crash. Now non-hex values will be rejected. Note that Tenable Network Security has extracted the...
Fedora 28 : webkit2gtk3 (2018-97c58e29e4)
This update addresses the following vulnerabilities : - CVE-2018-4200 Additional fixes : - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. - Properly close the connection to the nested wayland compositor in the Web Process. - Avoid paintin...
CVE-2018-20166
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed...
Unrestricted file upload
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed...
CVE-2018-20166
CVE-2018-20166 — Rukovoditel 2.3.1 file-upload PM/CRM vulnerability Affects: Rukovoditel Project Management CRM version 2.3.1. The flaw is in index.php?module=configuration/save, where extension checks are mishandled and a PHP payload can be uploaded as a background image (e.g., PHP content with ...
CVE-2018-20594
An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java...
EulerOS Virtualization 2.5.2 : ghostscript (EulerOS-SA-2018-1412)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibl...
CVE-2018-5196
Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, an attacker could execute arbitrary code...
CVE-2018-5196 Alzip Stack Overflow Vulnerability
Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, an attacker could execute arbitrary code...