5981 matches found
CVE-2018-8740
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...
CVE-2016-10716
The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspaperiod/month URI...
CVE-2016-10715
The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7/kanban-view URI...
Information disclosure
The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspaperiod/month URI...
SQLite -- Corrupt DB can cause a NULL pointer dereference
MITRE reports: SQLite databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...
PT-2018-3974 · Google +2 · Android Kernel +2
Name of the Vulnerable Software and Affected Versions: Android kernel (affected versions not specified). Description: The issue is related to a possible use after free due to a race condition in the pppol2tp_create function of l2tp_ppp.c. This could lead to local escalation of privilege,...
CVE-2018-7205
Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages - Edit template properties - Device Layouts - Create devic...
SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2018:0385-1)
This update for libvirt provides several fixes. This security issue was fixed : - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead method which allowed to cause DoS bsc1076500. These security issues were fixed : - Add a qemu hook script providing functionality similar to Xen's...
CVE-2017-14180
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability tha...
[SECURITY] Fedora 27 Update: moodle-3.3.4-1.fc27
Moodle is a course management system CMS - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...
tandra.com XSS vulnerability
Open Bug Bounty ID: OBB-549142; Affected Website: tandra.com; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
Atlassian JIRA 'Jira-importers-plugin' Cross-Site Request Forgery Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. Jira-importers-plugin is one of the plugins used to provide the core functionality of the Atlassian product. A cross-site request...
CVE-2017-18033
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery CSRF vulnerabilities...
CVE-2017-10282
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to...
Various Cross-site request forgery(CSRF) vulnerabilities in the Jira-importers-plugin - CVE-2017-18033
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery CSRF vulnerabilities...
Unspecified Vulnerability in Oracle Fusion Middleware (CNVD-2018-02269)
Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments from Oracle. The platform provides middleware, software collections and other features. Oracle WebCenter Content is one of the enterprise content management solution...
New Relic: User to Admin privilege escalation in Infrastructure Conditions - /v2/accounts/1835740/alerts/conditions
Details The endpoints POST /v2/accounts/:accountid/alerts/conditions create new and PUT /v2/accounts/:accountid/alerts/conditions/:conditionid update existing on infrastructure-alert.service.newrelic.com are vulnerable to privilege escalation. As per the screenshot below, an account with regular...