Apple macOS High Sierra Bug Exposes Passwords of Encrypted APFS Volumes As Hint
A severe programming error has been discovered in Apple's latest macOS High Sierra 10.13 that exposes passwords of encrypted Apple File System (APFS) volumes in plain text. Reported by Matheus Mariano, a Brazilian software developer, the vulnerability affects encrypted volumes using APFS wherein th...
[SECURITY] Fedora 27 Update: ImageMagick-6.9.9.15-1.fc27
ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...
CVE-2017-8048
In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially...
Design/Logic Flaw
In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially...
IBM Open Admin Tool SOAP welcomeServer PHP Command Injection
Added: 09/27/2017. CVE: CVE-2017-1092. BID: 98615. Background: IBM Informix Dynamic Server (IDS) is an online transaction processing (OLTP) data server for enterprise and workgroup computing. Open Admin Tool (OAT) is an open source, platform-independent tool providing a graphical interface for administrati...
Kaltura 13.1.0 Code Execution / Cross Site Scripting Vulnerabilities
Exploit for PHP platform in category web applications. Advisory: Kaltura - Remote Code Execution and Cross-Site Scripting. Release Date: 2017/09/12. Author: Robin Verton. CVE: CVE-2017-14141, CVE-2017-14142, CVE-2017-14143. Application: Kaltura = 13.1.0. Risk: Critical. Vendor Status:...
KLA11849 ACE vulnerability in Microsoft Developer Tools
A memory corruption vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: CVE-2017-11767. Related products: ChakraCore. CVE list: CVE-2017-11767 (critical). KB list. Solution: Install necessary updates from the K...
Fedora 25 : mimedefang (2017-15ad4721e3)
MIMEDefang 2.81: - Don't barf if the installed version of Sys::Syslog has a developer tag added like 0.3301 on Debian Stretch. - Make mimedefang and mimedefang-multiplexor write their PID files as root to avoid an unprivileged user tampering with the pidfiles. Thanks to Michael...
JVN#76692689: SEIL Series routers vulnerable to denial-of-service (DoS)
The IPsec/IKE function in SEIL Series routers provided by Internet Initiative Japan Inc. contains a denial-of-service (DoS) vulnerability due to a flaw in processing certain packets. Impact: Receiving a specially crafted packet may result in a temporary failure of the device's encrypted communication...
Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim
Researchers claim a programming error in the Microsoft Windows kernel cracks the door open for malicious executables to bypass security software. The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 1...
Micro Focus Enterprise Developer and Enterprise Server Authentication Bypass Vulnerability
Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company. Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe. Enterprise Server is a production deployment platform for mainframe programs. Enterprise...
Micro Focus Enterprise Developer and Enterprise Server Path Traversal Vulnerability
Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company. Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe. Enterprise Server is a production deployment platform for mainframe programs. Enterprise...
Micro Focus Enterprise Developer and Enterprise Server Cross-Site Request Forgery Vulnerability
Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company. Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe. Enterprise Server is a production deployment platform for mainframe programs. Enterprise...
Micro Focus Enterprise Developer and Enterprise Server Cross-Site Request Forgery Vulnerability (CNVD-2017-26443)
Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company. Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe. Enterprise Server is a production deployment platform for mainframe programs. Enterprise...
Micro Focus Enterprise Developer and Enterprise Server Cross-Site Scripting Vulnerability (CNVD-2017-26441)
Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company. Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe. Enterprise Server is a production deployment platform for...
Micro Focus Enterprise Developer and Enterprise Server Cross-Site Scripting Vulnerability
Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company. Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe. Enterprise Server is a production deployment platform for mainframe programs. Enterprise...
CVE-2017-7422
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other...
CVE-2017-7423
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes...
CVE-2017-7420
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter...
CVE-2017-7421
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2....