
7991 matches found

Tenable Nessus
added 2018/10/24 12:0 a.m. · 37 views

openSUSE Security Update : singularity (openSUSE-2018-1223)

Singularity was updated to version 2.6.0, bringing features, bugfixes and security fixes. Security issues fixed: - CVE-2018-12021: Fixed access control on systems supporting overlay file system (boo#1100333). Highlights of 2.6.0: - Allow admin to specify a non-standard location for mksquashfs bina...

6.8 CVSS · 6.8 AI score · 0.01596 EPSS
Exploits 0 · References 4
OPENSUSE Linux
added 2018/10/23 3:26 p.m. · 155 views

Security update for haproxy (important)

This update for haproxy to version 1.8.14 fixes the following issues: These security issues were fixed: - CVE-2018-14645: A flaw was discovered in the HPACK decoder that caused an out-of-bounds read in hpack_valid_idx that resulted in a remote crash and denial of service (bsc#1108683) - CVE-2018-11469...

4.3 CVSS · 0.2 AI score · 0.03061 EPSS
Exploits 0 · References 3
CNVD
added 2018/10/23 12:0 a.m. · 1 views

Viprinet VPN Hub Router Cross-Site Scripting Vulnerability

Viprinet VPN Hub Router is a multiplexed VPN router product from Viprinet Europe, Germany. The Viprinet VPN Hub Router suffers from a cross-site scripting vulnerability that stems from the lack of input validation and output escaping mechanisms in the CLI interface. By exploiting this...

6.2 AI score
Exploits 0 · References 1
0day.today
added 2018/10/22 12:0 a.m. · 47 views

Viprinet VPN Hub Router Cross Site Scripting Vulnerability

Exploit for php platform in category web applications. New Hope Team identified a stored XSS in Viprinet VPN Hub Router. Overview: Input validation and output escaping mechanisms are missing for CLI interface. Stored XSS is possible. By exploiting that vulnerability an attacker can obtain sensitiv...

0.1 AI score
Exploits 0
Packet Storm
added 2018/10/19 12:0 a.m. · 32 views

Viprinet VPN Hub Router Cross Site Scripting

SD-WAN New Hope Team identified a stored XSS in Viprinet VPN Hub Router. Overview: Input validation and output escaping mechanisms are missing for CLI interface. Stored XSS is possible. By exploiting that vulnerability an attacker can obtain sensitive information e.g., private key or modify a...

7.4 AI score
Exploits 0
vulnersOsv
added 2018/10/17 8:5 p.m. · 3 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (=3.4.0), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.4.0) +463 more potentially affected by CVE-2018-1270 via org.springframework:spring-messaging (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-messaging MAVEN version =5.0.0.RELEASE, =3.1.0, =0.2.0, =B.0.0.1, =B.0.0.1, =B.0.0.6 and more Source cves: CVE-2018-1270 Source advisory: OSV:GHSA-P5HG-3XM3-GCJG...

9.8 CVSS · 7.1 AI score · 0.77245 EPSS
Exploits 5
CNVD
added 2018/10/12 12:0 a.m. · 3 views

Red Hat Ceph Storage ceph-isci-cli package remote command injection vulnerability

Red Hat Ceph Storage is a suite of scalable, open software-defined storage platforms from Red Hat, Inc. ceph-isci-cli is one of the command-line programs. A security vulnerability exists in the ceph-isci-cli package in Red Hat Ceph Storage versions 2 and 3. An attacker could use this vulnerabilit...

10 CVSS · 9.5 AI score · 0.11647 EPSS
Exploits 1 · References 1
ArchLinux
added 2018/10/12 12:0 a.m. · 38 views

[ASA-201810-9] wireshark-cli: multiple issues

Arch Linux Security Advisory ASA-201810-9 ========================================= Severity: High Date : 2018-10-12 CVE-ID : CVE-2018-12086 CVE-2018-18225 CVE-2018-18226 CVE-2018-18227 Package : wireshark-cli Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-779 Summa...

7.8 CVSS · 1.1 AI score · 0.11499 EPSS
Exploits 0 · References 18
CNVD
added 2018/10/10 12:0 a.m. · 3 views

Cisco Firepower System Software Command Execution Vulnerability

Cisco Firepower System Software is a next-generation firewall product (NGFW) from Cisco. A privilege-granting and access-control vulnerability exists in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors, which ste...

8.2 CVSS · 8.1 AI score · 0.00411 EPSS
Exploits 0 · References 1
OSV
added 2018/10/09 5:29 p.m. · 3 views

CVE-2018-14649

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell a...

9.8 CVSS · 5.9 AI score · 0.11647 EPSS
Exploits 1 · References 7
NVD
added 2018/10/09 5:29 p.m. · 47 views

CVE-2018-14649

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell a...

10 CVSS · 10 AI score · 0.11647 EPSS
Exploits 1 · References 7
Prion
added 2018/10/09 5:29 p.m. · 24 views

Design/Logic Flaw

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell a...

10 CVSS · 9.9 AI score · 0.11647 EPSS
Exploits 1 · References 7 · Affected Software 4
Cvelist
added 2018/10/09 5:0 p.m. · 38 views

CVE-2018-14649

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell a...

9.8 CVSS · 10 AI score · 0.11647 EPSS
Exploits 1 · References 7
CVE
added 2018/10/09 5:0 p.m. · 110 views

CVE-2018-14649

Summary of CVE-2018-14649: The ceph-isci-cli package in Red Hat Ceph Storage versions 2 and 3 runs the rbd-target-api Python app with Werkzeug in debug mode, exposing an unauthenticated debug shell. This allows remote command execution with the privileges of the running process (often root) via ...

10 CVSS · 9.9 AI score · 0.11647 EPSS
Exploits 1 · References 7 · Affected Software 3
Tenable Nessus
added 2018/10/09 12:0 a.m. · 22 views

Fedora 27 : mediawiki (2018-edf90410ea)

https://www.mediawiki.org/wiki/Releasenotes/1.29 MediaWiki 1.29.3 - T169545, CVE-2018-0503 SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'. - T194605, CVE-2018-0505 SECURITY: BotPasswords can bypass CentralAuth's account lock. - T180551 Fix LanguageSrTest for language converter - T18055...

6.5 CVSS · 6 AI score · 0.02797 EPSS
Exploits 1 · References 4
Positive Technologies
added 2018/10/09 12:0 a.m. · 3 views

PT-2018-12640 · Pallets Projects +1 · Python-Werkzeug +1

Name of the Vulnerable Software and Affected Versions: Red Hat Ceph Storage versions 2 and 3 Description: The issue allows unauthenticated attackers to access a debug shell and escalate privileges. This is due to the ceph-isci-cli package using python-werkzeug in debug shell mode, enabled by...

10 CVSS · 9.7 AI score · 0.11647 EPSS
Exploits 1 · References 8
OSV
added 2018/10/05 2:29 p.m. · 3 views

CVE-2018-0481

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, faili...

6.7 CVSS · 6.1 AI score
Exploits 0 · References 2
NVD
added 2018/10/05 2:29 p.m. · 28 views

CVE-2018-0477

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, faili...

7.2 CVSS · 7 AI score · 0.00492 EPSS
Exploits 0 · References 2
OSV
added 2018/10/05 2:29 p.m. · 5 views

CVE-2018-0453

A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center FM...

8.2 CVSS · 5.9 AI score · 0.00411 EPSS
Exploits 0 · References 1
NVD
added 2018/10/05 2:29 p.m. · 20 views

CVE-2018-0453

A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center FM...

8.2 CVSS · 8.2 AI score · 0.00411 EPSS
Exploits 0 · References 1