5353 matches found
CVE-2018-11621
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2018-12941
This vulnerability allows remote attackers to execute arbitrary code in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to th...
CVE-2018-0342
A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service DoS condition on an affected device. The vulnerability is due to incomplete bounds chec...
Buffer overflow
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service buffer overflow or possibly execute arbitrary code when TLS communication is enabled...
CVE-2018-12584
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service buffer overflow or possibly execute arbitrary code when TLS communication is enabled...
CVE-2018-12584
CVE-2018-12584 affects reSIProcate’s SIP stack, specifically ConnectionBase::preparseNewBytes in resip/stack/ConnectionBase.cxx. When TLS is enabled, it allows remote attackers to trigger a heap overflow/denial of service and potentially execute arbitrary code. Multiple connected advisories note ...
CVE-2018-12584
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service buffer overflow or possibly execute arbitrary code when TLS communication is enabled...
CVE-2018-12584
Removed by vendor...
Adobe Acrobat and Reader Use After Free (APSB18-21: CVE-2018-12792)
A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Wavelink Emulation License Server Processing Buffer Overflow - Ver2 (CVE-2015-4059)
A buffer overflow vulnerability exists in Wavelink Emulation License Server. The vulnerability is due to a boundary error when parsing HTTP headers. By sending crafted requests to a vulnerable server, a remote unauthenticated attacker can possibly exploit this vulnerability to execute arbitrary...
Ubuntu: Security Advisory (USN-3694-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-4860
A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
Buffer overflow
Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service DoS via unspecified vectors...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2015-0209, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293)
Summary OpenSSL vulnerabilities were disclosed in March 2015 by the OpenSSL Project. OpenSSL is used by IBM MessageSight. IBM MessageSight has addressed the applicable CVEs. Vulnerability Details CVE-ID: CVE-2015-0209 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on...
Security Bulletin: Vulnerabilities in wget affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in wget. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-13090 DESCRIPTION: GNU wget is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the fdreadbody function in src/retr.c. By...
Security Bulletin: A vulnerability in nss affects PowerKVM
Summary PowerKVM is affected by a vulnerability in nss. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-7805 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in TLS 1.2 generating handsha...
Security Bulletin: Vulnerabilities in GNU Bash affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in GNU Bash. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-9401 DESCRIPTION: GNU Bash could allow a local attacker to bypass security restrictions, caused by a use-after-free error. An attacker could exploit this...
Security Bulletin: Vulnerabilities in Struts affect IBM Systems Director (ISD) Server (CVE-2016-1181, CVE-2016-1182)
Summary Struts vulnerabilities affect ISD Server. ISD Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-1181 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote...
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
Summary PowerKVM is affected by several vulnerabilities in file. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2014-3587 DESCRIPTION: PHP is vulnerable to a denial of service, caused by an incomplete fix related to the cdfreadpropertyinfo function. A remote attacker could...
Security Bulletin: Multiple Kerberos (krb5) vulnerabilities affect PowerKVM (Multiple CVEs)
Summary PowerKVM is affected by several vulnerabilities in Kerberos krb5. Vulnerability Details CVEID: CVE-2014-5352 DESCRIPTION: MIT krb5 could allow a remote authenticated attacker to execute arbitrary code on the system,, caused by a double-free error in gssprocesscontexttoken. An attacker cou...