
5353 matches found

Tenable Nessus
added 2018/05/02 12:0 a.m. | 54 views

EulerOS 2.0 SP2 : libvorbis (EulerOS-SA-2018-1105)

According to the version of the libvorbis package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the...

8.8 CVSS | 8 AI score | 0.55641 EPSS
Exploits 0 | References 2

Prion
added 2018/05/01 7:29 p.m. | 13 views

Unrestricted file upload

Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading a...

7.5 CVSS | 8.3 AI score | 0.135 EPSS
Exploits 5 | References 3 | Affected Software 1

Prion
added 2018/04/25 9:29 p.m. | 13 views

Code injection

NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled, which allows unauthorized local attackers to execute arbitrary code...

4.6 CVSS | 7.8 AI score | 0.00107 EPSS
Exploits 0 | References 1 | Affected Software 1

NVD
added 2018/04/23 11:29 p.m. | 16 views

CVE-2018-10303

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3...

8.8 CVSS | 9 AI score | 0.00594 EPSS
Exploits 1 | References 2

Cvelist
added 2018/04/23 11:0 p.m. | 17 views

CVE-2018-10303

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3...

8.9 AI score | 0.00594 EPSS
Exploits 1 | References 2

Prion
added 2018/04/23 7:29 p.m. | 16 views

Design/Logic Flaw

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9...

6.8 CVSS | 8 AI score | 0.00713 EPSS
Exploits 1 | References 2 | Affected Software 2

RubySec
added 2018/04/18 12:0 a.m. | 14 views

Use after free in File#initilialize_copy

In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy. An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code...

9.8 CVSS | 7.6 AI score | 0.01443 EPSS
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2018/04/16 12:0 a.m. | 35 views

Ubuntu 14.04 LTS : Ruby regression (USN-3621-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3621-2 advisory. USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due to an incomplete patch for CVE-2018-1000074. This update reverts the problematic patch...

7.8 CVSS | 7.8 AI score | 0.00535 EPSS
Exploits 0 | References 2

Prion
added 2018/04/12 3:29 p.m. | 13 views

Authorization

The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header...

7.5 CVSS | 9.6 AI score | 0.09111 EPSS
Exploits 5 | References 5 | Affected Software 1

NVD
added 2018/04/11 7:29 p.m. | 11 views

CVE-2018-1100

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user...

7.8 CVSS | 7.8 AI score | 0.00068 EPSS
Exploits 0 | References 7

RedhatCVE
added 2018/04/10 5:49 a.m. | 24 views

CVE-2018-9838

The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrar...

9.8 CVSS | 7.5 AI score | 0.08115 EPSS
Exploits 0 | References 1

RedhatCVE
added 2018/04/06 2:52 a.m. | 24 views

CVE-2017-11089

A flaw was found in the netlink 802.11 configuration interface. A local privileged attacker (CAP_NET_ADMIN) could crash the system or possibly execute arbitrary code...

7.5 CVSS | 4.7 AI score | 0.00643 EPSS
Exploits 0 | References 1

OpenVAS
added 2018/04/06 12:0 a.m. | 48 views

Ubuntu: Security Advisory (USN-3617-3)

The remote host is missing an update for the...

7.8 CVSS | 7 AI score | 0.048 EPSS
Exploits 10 | References 2

OpenVAS
added 2018/04/06 12:0 a.m. | 37 views

Ubuntu: Security Advisory (USN-3620-1)

The remote host is missing an update for the...

10 CVSS | 7 AI score | 0.01439 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2018/04/04 12:0 a.m. | 37 views

GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201803-14 (Mozilla Thunderbird: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for detail...

10 CVSS | 7.3 AI score | 0.28907 EPSS
Exploits 17 | References 46

Tenable Nessus
added 2018/04/04 12:0 a.m. | 41 views

GLSA-201804-01 : libxslt: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201804-01 (libxslt: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in libxslt. Please review the CVE identifiers referenced below for details. Impact: A remote attacker, via a crafted HTML page, could...

9.3 CVSS | 7.4 AI score | 0.05928 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2018/04/04 12:0 a.m. | 103 views

Ubuntu 16.04 LTS : Linux (HWE) vulnerabilities (USN-3617-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3617-2 advisory. USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement H...

7.8 CVSS | 7.1 AI score | 0.048 EPSS
Exploits 10 | References 23

Cvelist
added 2018/04/03 10:0 p.m. | 18 views

CVE-2017-3972 SB10192 - Network Security Management (NSM) - Infrastructure-based foot printing vulnerability

Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant information...

8.3 CVSS | 9.7 AI score | 0.00854 EPSS
Exploits 0 | References 1

UbuntuCve
added 2018/04/03 12:0 a.m. | 27 views

CVE-2018-4129

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit"...

8.8 CVSS | 7.6 AI score | 0.00538 EPSS
Exploits 0 | References 9

NVD
added 2018/03/30 8:29 a.m. | 10 views

CVE-2018-9141

On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105...

9.3 CVSS | 8 AI score | 0.0076 EPSS
Exploits 0 | References 1