663 matches found
EulerOS 2.0 SP2 : librsvg2 (EulerOS-SA-2017-1137)
According to the version of the librsvg2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The rsvgcssnormalizefontsize function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service stack consumption and...
EulerOS 2.0 SP1 : librsvg2 (EulerOS-SA-2017-1136)
According to the version of the librsvg2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The rsvgcssnormalizefontsize function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service stack consumption and...
Fedora 26 : php-symfony (2017-4fcbd8a4c3)
2.8.25 2017-07-17 - security 23507 Security validate empty passwords again xabbuh - bug 23526 HttpFoundation Set meta refresh time to 0 in RedirectResponse content jnvsor - bug 23540 Disable inlining deprecated services alekitto - bug 23468 DI Handle root namespace in service definitions ro0NL -...
Sql injection
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter...
CVE-2017-11471
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter...
“The 101” – Episode 1 – What is a Non-Malware Attack?
Welcome to our new video series, “The 101!” This weekly security series aims to do one thing: define endpoint security, one question at a time. Tune in each week as we tackle a new term, concept or comparison in our ongoing effort to cut through the noise and provide clear definitions. Security c...
Qualys Cloud Suite 8.10 New Features
This new release of the Qualys Cloud Suite, version 8.10, includes new capabilities and improvements to for VM, PC and shared platform improvements: Authentication Vault integration with BeyondTrust Mandate-Based reporting for Policy Compliance to simplify reporting against multiple mandates and...
Apache Ranger =< 0.5.2 allows to download policy definitions without authentication
Apache Ranger =:6080/service/plugins/policies/download/ The prerequisite to exploit this flaw is to know or guess the policy name. This finding may not constitute a vulnerability by itself, but is equivalent to having access to a network filtering policy: finding holes in policies is then easier...
CVE-2016-5682
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...
CVE-2016-5682
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...
CVE-2016-5682
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...
Design/Logic Flaw
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...
CVE-2016-5682
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...
CVE-2017-2619
A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. Mitigation Add the parameter: unix extensions = no to the global section of your smb.conf and resta...
Apache Camel Validation Component Request Forgery Vulnerability
Apache Camel is the United States Apache Apache Software Foundation of a set of open source based on Enterprise Integration Pattern Enterprise Integration Pattern , referred to as EIP integration framework. The framework provides Enterprise Integration Pattern of Java objects POJO implementation ...
Google Cloud Platform Audit
Google Cloud Platform Audit gcp-audit takes a set of projects and audits them for common issues as defined by its ruleset. Issues can include, but are certainly not limited to, storage buckets with read/write permissions for anyone and compute engine instances with services exposed to the Interne...
PYSEC-2016-22
OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...
SUSE SLED12 / SLES12 Security Update : libtasn1 (SUSE-SU-2016:1601-1)
This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser bsc961491 - CVE-2015-3622: Fixed invalid read in octet string decoding bsc929414 - CVE-2016-4008: Fixed infinite loop while parsing DER...
The vulnerability of the Xerces C++ library allows a hacker to trigger a service failure.
The vulnerability of the Xerces C++ library arises from buffer overflows in the stack. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures by using embedded DTD files...
Open-Xchange AppSuite Information Disclosure Vulnerability (CNVD-2016-04412)
Open-Xchange AppSuite OX AppSuite is a suite of Web-based cloud desktop environments from Open-Xchange, Inc. in the United States. The environment allows users to manage email, tasks, files, etc. more intuitively. An information disclosure vulnerability exists in OX AppSuite 7.8.1 and earlier...