76 matches found
CVE-2021-44204
The CVE-2021-44204 entry concerns a local privilege escalation via named pipes caused by improper access control checks. Affected Windows products and builds include: Acronis Cyber Protect 15 before 28035, Acronis Agent before 27147, Acronis Cyber Protect Home Office before 39612, and Acronis Tru...
PT-2021-16931 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 2.5.0 through 3.9.27 Description: An issue was discovered in the install action of com installer, where it lacks the required hardcoded ACL checks for superusers. However, a default system is not affected because the default...
[SECURITY] Fedora 32 Update: lynis-3.0.0-1.fc32
Lynis is an auditing and hardening tool for Unix/Linux and you might even c all it a compliance tool. It scans the system and installed software. Then it performs many individual security control checks. It determines the hardeni ng state of the machine, detects security issues and provides...
[SECURITY] Fedora 31 Update: lynis-3.0.0-1.fc31
Lynis is an auditing and hardening tool for Unix/Linux and you might even c all it a compliance tool. It scans the system and installed software. Then it performs many individual security control checks. It determines the hardeni ng state of the machine, detects security issues and provides...
CVE-2018-10919
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions...
Joomla! access control error vulnerability (CNVD-2020-20997)
Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. An access control error vulnerability exists in Joomla! versions 2.5.0 through 3.9.15, which stems from a failure to perform ACL checks for various...
EulerOS 2.0 SP2 : samba (EulerOS-SA-2019-2484)
According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated...
Improper access control
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fdssyspassDebugPasswdret. The...
CVE-2019-15803
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fdssyspassDebugPasswdret. The...
The vulnerability in the IOx application environment for the Cisco IOS operating system allows a hacker to elevate their privileges to the root level.
The vulnerability in the IOx application environment for the Cisco IOS operating system is related to errors during role-based access control checks. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the root level...
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0784-1)
The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc1129179. CVE-2019-9213: expanddownwards in mm/mmap.c lacks a che...
openSUSE: Security Advisory for kernel (openSUSE-SU-2019:0203-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : the Linux Kernel (openSUSE-2019-203)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-3459,CVE-2019-3460: Two information leaks in the bluetooth stack were fixed. bnc1120758. - CVE-2019-7221: A use-after-free in the KVM nVMX hrtimer was fixed...
Information disclosure
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are...
UBUNTU-CVE-2017-15365
sql/eventdataobjects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language DDL statemen...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)
This update for java-170-openjdk fixes the following issues : Security issues fixed : - CVE-2017-10356: Fix issue inside subcomponent Security bsc1064084. - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO bsc1064071. - CVE-2017-10281: Fix issue inside subcomponent Serialization...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3396-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3396-1 advisory. It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a...
OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-860)
Incorrect enforcement of certificate path restrictions : It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using on...
[SECURITY] Fedora 26 Update: lynis-2.5.0-1.fc26
Lynis is an auditing and hardening tool for Unix/Linux and you might even c all it a compliance tool. It scans the system and installed software. Then it performs many individual security control checks. It determines the hardeni ng state of the machine, detects security issues and provides...