
8296 matches found

CVE
added 2017/07/21 7:0 p.m. · 59 views

CVE-2017-11516

The CVE-2017-11516 entry describes an XSS in Yii Framework 2.0.12: framework/views/errorHandler/exception.php mishandles $exception->errorInfo, enabling XSS on the exception screen when debug mode is enabled. The description and related references indicate this is a framework component-level i...

6.1 CVSS · 5.9 AI score · 0.00223 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2017/07/17 1:18 p.m. · 3 views

CVE-2016-4996

discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, ...

7 CVSS · 5.4 AI score
Exploits: 0 · References: 2
Tenable Nessus
added 2017/07/17 12:0 a.m. · 28 views

Fedora 26 : webkitgtk4 (2017-dfaf0ca892)

Highlights of the 2.16.0 release : - Hardware acceleration is now enabled on demand to drastically reduce memory consumption. - CSS Grid Layout is enabled by default. - New WebKitSetting to set the hardware acceleration policy. - UI process API to configure network proxy settings. - Improved...

5.5 AI score
Exploits: 0 · References: 1
Tenable Nessus
added 2017/07/17 12:0 a.m. · 15 views

Fedora 26 : php-pear-CAS (2017-2f3096ba16)

Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...

5.6 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2017/07/14 12:0 a.m. · 4 views

PT-2017-8642 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 6.2 Description: The issue allows local users with access to the system journal to obtain the root password by reading the system journal or by clicking Logs on the console, when the ssh service has been enabled on...

7 CVSS · 6.9 AI score · 0.0004 EPSS
Exploits: 0 · References: 3
Tenable Nessus
added 2017/07/13 12:0 a.m. · 64 views

Fedora 24 : libmtp (2017-d26266eb32)

libmtp 1.1.13 ============= Christophe Vu-Brugier 1 : - added GoPro HERO5 Black Emeric Grange 2 : - added GoPro HERO5 Session - rename F5321 into XPeria X Compact Gaute Hope 2 : - add GoPro Hero+ - add mtp-detect for GoPro Hero+ Jerry Zhang 1 : - Update Google device strings, add PTP+ADB id Marcu...

6.8 CVSS · 6.4 AI score · 0.00232 EPSS
Exploits: 0 · References: 4
Tenable Nessus
added 2017/07/13 12:0 a.m. · 24 views

Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0294)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8 CVSS · 6.4 AI score · 0.20044 EPSS
Exploits: 13 · References: 3
OSV
added 2017/07/12 4:29 p.m. · 1 views

DEBIAN-CVE-2017-11190

unrarlib.c in unrar-free 0.0.1, when DEBUGLOG mode is enabled, might allow remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via an RAR archive containing a long filename...

7.8 CVSS · 7.9 AI score · 0.00301 EPSS
Exploits: 0 · References: 1
CNVD
added 2017/07/11 12:0 a.m. · 1 views

QEMU debug logging stack buffer overflow vulnerability

QEMU is an open source emulator software. Qemu supports usb-redirect with a stack buffer overflow vulnerability in debug logging, which allows local attackers to exploit the vulnerability by submitting specially crafted requests to crash a QEMU instance...

5.5 CVSS · 7 AI score · 0.0005 EPSS
Exploits: 0 · References: 1
0day.today
added 2017/07/07 12:0 a.m. · 46 views

Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure Vulnerability

Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive...

7.2 AI score
Exploits: 0
Packet Storm
added 2017/07/06 12:0 a.m. · 55 views

Barracuda WAF V360 Firmware 8.0.1.014 Early Boot Root Shell

KL-001-2017-010 : Barracuda WAF Early Boot Root Shell Title: Barracuda WAF Early Boot Root Shell Advisory ID: KL-001-2017-010 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-010.txt 1. Vulnerability Details Affected Vendor: Barracuda Affect...

Exploits: 0
KoreLogic Security
added 2017/07/06 12:0 a.m. · 10 views

Barracuda WAF Internal Development Credential Disclosure

Vulnerability Details Affected Vendor: Barracuda Affected Product: Web Application Firewall V360 Affected Version: Firmware v8.0.1.014 Platform: Embedded Linux CWE Classification: CWE-489: Leftover Debug Code, CWE-200: Information Exposure Impact: Privileged Access Attack vector: Code Review 2...

7.2 AI score
Exploits: 0 · Affected Software: 1
CNVD
added 2017/07/03 12:0 a.m. · 2 views

Multiple Lenovo VIBE phones privilege access vulnerability

Android 6.0 Marshmallow is a Linux-based open source operating system developed by Google and the Open Handset Alliance OHA in the U.S. The Lenovo A2010-a and other smartphone products from China's Lenovo use the Android 6.0 Marshmallow operating system. The Lenovo A2010-a is a smartphone from...

6.9 CVSS · 7 AI score · 0.00014 EPSS
Exploits: 0 · References: 1
CNVD
added 2017/07/03 12:0 a.m. · 3 views

Multiple Lenovo VIBE phones elevation of privilege vulnerability

Android 6.0 Marshmallow is a Linux-based open source operating system developed by Google and the Open Handset Alliance OHA in the U.S. The Lenovo A2010-a and other smartphone products from China's Lenovo use the Android 6.0 Marshmallow operating system. The Lenovo A2010-a is a smartphone from...

6.9 CVSS · 7.2 AI score · 0.00014 EPSS
Exploits: 0 · References: 1
Packet Storm
added 2017/06/30 12:0 a.m. · 61 views

Microsoft Machine Debug Manager (mdm) DLL Hijacking

Microsoft Machine Debug Manager mdm DLL side loading vulnerability Vulnerability: DLL Hijacking / DLL Side Loading Advisory URL: https://ipositivesecurity.com/2017/06/15/microsoft-machine-debug-manager-mdm-insecure-library-loading-allows-code-execution/ ------------------------ ABOUT...

Exploits: 0
OSV
added 2017/06/29 3:29 p.m. · 1 views

CVE-2017-3750

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749...

6.4 CVSS · 5.7 AI score · 0.00014 EPSS
Exploits: 0 · References: 1
OSV
added 2017/06/29 3:29 p.m. · 1 views

CVE-2017-3749

On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750...

6.4 CVSS · 5.7 AI score
Exploits: 0 · References: 1
Prion
added 2017/06/29 3:29 p.m. · 19 views

Privilege escalation

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749...

6.9 CVSS · 6.5 AI score · 0.00016 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2017/06/29 3:29 p.m. · 17 views

CVE-2017-3750

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749...

6.9 CVSS · 6.5 AI score · 0.00014 EPSS
Exploits: 0 · References: 1
Cvelist
added 2017/06/29 3:0 p.m. · 24 views

CVE-2017-3750

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749...

6.6 AI score · 0.00014 EPSS
Exploits: 0 · References: 1