Cross site scripting

A vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based...

CVE-2018-0422

A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a...

(0Day) Fuji Electric Alpha5 Smart Loader A5P File Parsing Buffer Overflow Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Fuji Electric Alpha Loader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVE-2018-12168

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access...

CVE-2018-12150

Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local access...

Privilege escalation

Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local access...

Privilege escalation

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access...

CVE-2018-12148

Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access...

CVE-2018-12160

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access...

CVE-2018-12168

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access...

CVE-2018-12150

Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local access...

Huawei Mobile Phone Input Validation Vulnerability

Huawei Mate 10 ALP-L09 is a smartphone product of Chinese company Huawei Huawei. An input validation vulnerability exists in the Huawei Mate 10 ALP-L09 phone due to a lack of parameter checking. An attacker induces a user who has gained root privileges to install a carefully crafted application,...

Stack-based Buffer Overflow

libglusterfs.so is vulnerable to stack-based buffer overflow. The functions in server-rpc-fopc.c allocates fixed size buffers which allows authenticated users to exploit the vulnerability to crash or execute code by mounting a gluster volume and sending a string longer than the fixed buffer size...

Arbitrary Code Execution

libglusterfs.so is vulnerable to arbitrary code execution attacks. The library does not properly sanitize file paths in the trusted.io-stats-dump attribute, allowing a malicious user to create arbitrary files or execute arbitrary code...

CVE-2018-10929

A flaw was found in RPC request using gfs2createreq in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes...

glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code

A flaw was found in RPC request using gfs2createreq in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes...

CVE-2018-10929

A flaw was found in RPC request using gfs2createreq in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. Mitigation To limit exposure of gluster server nodes : 1. gluster server should be on LAN and not...

Joomla! cross-site scripting vulnerability (CNVD-2018-17502)

Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. A cross-site scripting vulnerability exists in Joomla! versions prior to 3.8.12 that stems from the program failing to adequately filter output. A...

Code injection

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code...

CVE-2018-15911

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code...