240 matches found
UBUNTU-CVE-2020-27352
When generating the systemd service units for the docker snap and other similar snaps, snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading syst...
Zivver: one delegate can add another delegate and delete other delegates, exposing all confidential inbox messages
Summary: One delegate can add another delegate and delete other delegates, exposing all inbox messages to other delegates, so all the confidential info can be seen by newly added delegates. Steps To Reproduce: add details for how we can reproduce the issue 1. Login as User1 and add a...
resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed...
resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed...
CVE-2020-8495
In Kronos Web Time and Attendance webTA 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and...
CVE-2015-7556
DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program...
Design/Logic Flaw
DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program...
CVE-2015-7556
DeleGate 9.9.13 is affected by a local privilege escalation vulnerability. The issue arises from setuid root binaries (notably dgcpnod) that can be abused by local users to gain root privileges. Exploitation details are documented in multiple public references (e.g., Vapidlabs advisory, 1337DAY e...
CVE-2015-7556
DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program...
The vulnerability of the PDFDelegateMessage component (coders/pdf.c) in the ImageMagick graphical editor allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the PDFDelegateMessage component (coders/pdf.c) in the ImageMagick graphical editor is related to pointer assignment errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the PostscriptDelegateMessage function (coders/ps.c) in the console-based image editing tool ImageMagick allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the PostscriptDelegateMessage function coders/ps.c in the console-based image editing tool ImageMagick is related to pointer assignment errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protect...
UBUNTU-CVE-2017-15015
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c...
UBUNTU-CVE-2017-14624
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c...
Description of the security update for Outlook 2013: June 13, 2017
Description of the security update for Outlook 2013: June 13, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...
Remote Command Execution
ImageMagick is vulnerable to remote command execution (RCE) attacks. These attacks are possible due to a flaw in the gnuplot delegate functionality...
DEBIAN-CVE-2016-5239
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors...
UBUNTU-CVE-2016-5239
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors...
Design/Logic Flaw
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors...
CVE-2016-5239
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors...
CVE-2016-5239
CVE-2016-5239 affects ImageMagick prior to 6.9.4-0 and GraphicsMagick; the gnuplot delegate vulnerability allows remote attackers to execute arbitrary commands via crafted images. Exploitation details are not provided in the supplied documents. Remediation is to apply vendor advisories and update...