4656 matches found
CVE-2018-1000134
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...
Improper access control
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...
User Profile Management: Default Exclusion List not working. Error: "HDX policy DefaultSyncExclusionListDir disabled. Using an empty list"
If you enable the "Enable Default Exclusion List - directories" policy from Citrix Studio, it might not work as expected. The following entry is recorded in the User Profile Management (UPM) logs: 2018-03-16;19:09:25.611;INFORMATION;;;;1756;ReadPolicy: HDX policy DefaultSyncExclusionListDir disabled. Using an...
Chrome: V8: Empty BytecodeJumpTable may lead to OOB read
In the current implementation, the bytecode generator also emits empty jump tables. https://cs.chromium.org/chromium/src/v8/src/interpreter/bytecode-array-writer.cc?rcl=111e990462823c9faeee06b67c0dcf05749d4da8&l=89 So the bytecode for the example code would be generated as follows: Code: function...
kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath
It was found that volume security can be sidestepped with innocent emptyDir and subpath. This could give an attacker with access to a pod full control over the node host by gaining access to docker socket...
tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...
Linux kernel 'setup_ntlmv2_rsp()' function null pointer dereference vulnerability
The Linux kernel is the kernel of Linux, the open-source operating system released by the Linux Foundation in the United States. A security vulnerability in the 'setup_ntlmv2_rsp' function in the fs/cifs/cifsencrypt.c file in Linux kernel versions prior to 4.11 stems from the program not proper...
zsh Denial of Service Vulnerability
Z Shell (zsh) is a Unix shell that can be used as an interactive login shell and as a powerful shell script command interpreter. A denial of service vulnerability exists in params.c in zsh versions 5.4.2 and earlier during the copying of an empty hash table. An attacker can exploit this vulnerability ...
UBUNTU-CVE-2018-1304
The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...
FreeBSD : tomcat -- Security constraints ignored or applied too late (55c4233e-1844-11e8-a712-0025908740c2)
The Apache Software Foundation reports : Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order...
DEBIAN-CVE-2018-7549
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p...
CVE-2018-7549
CVE-2018-7549 affects zsh (through 5.4.2): a NULL pointer dereference in params.c during a copy of an empty hash table can crash the shell, enabling denial-of-service locally. Several advisories (Red Hat RHSA-2018:3073, CentOS CESA-2018:3073, Amazon Linux ALAS2-2018-986, Fedora advisories) note t...
CVE-2018-7549
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p...
CVE-2018-7548
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using $PA... on an empty array result...
UBUNTU-CVE-2018-7549
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p...
Apache Tomcat Security Bypass Vulnerability (CNVD-2018-03661)
Tomcat is a Servlet container developed by the Apache Software Foundation under the Jakarta project. It implements Servlet and JavaServer Pages (JSP) support in accordance with the technical specifications provided by Sun Microsystems, and as a Web server provides some of the unique...
Cisco Elastic Services Controller Software Authentication Bypass Vulnerability
Cisco Elastic Services Controller (ESC) is a modular, open-source system from the U.S. company Cisco for the management of virtual resources. An authentication bypass vulnerability exists in the authentication feature of the Web-based business portal in Cisco Elastic Services Controller version 3.0.0, whi...