
6654 matches found

Veracode
added 2019/01/15 8:50 a.m. | 18 views

Authorization Bypass

qpid-cpp is vulnerable to authorization bypass attacks. The vulnerability exists as qpid-cpp does not properly verify credentials during the joining of a cluster. This allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by using a valid...

CVSS 7.5 | AI score 6.1 | EPSS 0.02981
Exploits: 1 | References: 8 | Affected Software: 8
Fedora
added 2019/01/12 1:58 a.m. | 34 views

[SECURITY] Fedora 29 Update: gnupg2-2.2.12-1.fc29

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

CVSS 8.8 | AI score 1.4 | EPSS 0.00203
Exploits: 1
0day.today
added 2019/01/11 12:0 a.m. | 57 views

Cisco VoIP Script Insertion / Weak Passwords / Undocumented Functionality

Cisco VoIP phones such as models 88XX suffer from script insertion, weak and hard-coded passwords, undocumented debug functionality, and various outdated components with known vulnerabilities. title: Multiple Vulnerabilities...

AI score 0.2 | EPSS 0.00268
Exploits: 2
Packet Storm
added 2019/01/10 12:0 a.m. | 1069 views

Cisco VoIP Script Insertion / Weak Passwords / Undocumented Functionality

SEC Consult Vulnerability Lab Security Advisory
title: Multiple Vulnerabilities
product: Cisco VoIP Phones, e.g. models 88XX
vulnerable version: See list of vulnerable devices/firmwares below
fixed version: 12.5.1 MN
CVE...

AI score 0.3 | EPSS 0.00268
Exploits: 2
Hacker One
added 2019/01/08 11:41 a.m. | 15 views

Nextcloud: WordPress vulnerable to multiple attacks at https://nextcloud.com

summary: your current version of WordPress is available to multiple attacks check INFO.php
available attacks:
- Unauthenticated Arbitrary File Deletion
- lib/IPTraf.php User-Agent Header Stored XSS
- Password Creation Restriction Bypass
- wp-admin/admin.php whois Parameter Stored XSS
- XSS & IAA ...

AI score 1.5
Exploits: 0
Tenable Nessus
added 2019/01/03 12:0 a.m. | 14 views

Fedora 28 : singularity (2018-da87b1e643)

This rebases singularity from 2.2.1 to 2.5.1, which should include all corresponding updates n.b. a request for rebase permission has been put into FESCo; hence auto-push has been disabled until they approve. Please test for functionality and backward compatibility issues, particularly around the...

AI score 5.3
Exploits: 0 | References: 1
Kitploit
added 2019/01/02 12:32 p.m. | 57 views

MISP - Malware Information Sharing Platform and Threat Sharing

The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of the information by Network Intrusion Detection System NIDS, LIDS but also log analysi...

AI score 6.9
Exploits: 0 | References: 8
Cvelist
added 2018/12/28 2:0 p.m. | 8 views

CVE-2018-1000624

Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2IHUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system...

AI score 7.5 | EPSS 0.00528
Exploits: 0 | References: 1
myhack58
added 2018/12/28 12:0 a.m. | 263 views

The RPC vulnerability mining case studies, on-vulnerability and early warning-the black bar safety net

At the end of August 2018, a female researcher going by the name "SandboxEscaper" (sandbox escape) released a Windows local privilege escalation 0-day vulnerability. She also attached a proof of concept attack that allows hackers to read areas of the system they are not authorized to access, but at the moment...

AI score 0.9
Exploits: 0
Cvelist
added 2018/12/24 5:0 p.m. | 13 views

CVE-2018-18959

An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longe...

AI score 7.6 | EPSS 0.00433
Exploits: 1 | References: 1
Tenable Nessus
added 2018/12/21 12:0 a.m. | 67 views

F5 Networks BIG-IP : TMM vulnerability (K23328310)

The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.4 / 13.1.1.2 / 14.0.0.3 / 14.1.0. It is, therefore, affected by a vulnerability as referenced in the K23328310 advisory. - On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using th...

CVSS 7.8 | AI score 7.4 | EPSS 0.00611
Exploits: 0 | References: 2
CVE
added 2018/12/20 8:0 p.m. | 55 views

CVE-2018-15330

The CVE-2018-15330 issue affects BIG-IP software when a virtual server uses the inflate functionality to process a gzip bomb payload, causing a fatal error and potentially a core file in TMM. Affected versions include BIG-IP 14.0.0–14.0.0.2, 13.0.0–13.1.1.1, and 12.1.0–12.1.3.7. The vulnerability...

CVSS 7.8 | AI score 7.4 | EPSS 0.00611
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2018/12/20 2:29 p.m. | 0 views

CVE-2018-1973

IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914...

CVSS 7.2 | AI score 5.8
Exploits: 0 | References: 3
Japan Vulnerability Notes
added 2018/12/19 12:0 a.m. | 92 views

JVN#99810718: Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below.

Improper access control (CWE-284) - CVE-2018-16197

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Base Score: 6.3
CVSS v2 |...

CVSS 8.8 | AI score 8.1 | EPSS 0.00377
Exploits: 0
Amazon
added 2018/12/06 12:0 a.m. | 111 views

Medium: zsh

Issue Overview: A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the...

CVSS 9.8 | AI score 8.2 | EPSS 0.00671
Exploits: 0
Tenable Nessus
added 2018/12/04 12:0 a.m. | 24 views

RHEL 7 : Red Hat OpenShift Enterprise Kibana (RHSA-2016:1836)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1836 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private clo...

CVSS 7.5 | AI score 6.3 | EPSS 0.00678
Exploits: 0 | References: 7
NVD
added 2018/11/30 5:29 p.m. | 13 views

CVE-2018-3948

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticate...

CVSS 7.5 | AI score 7.5 | EPSS 0.03357
Exploits: 1 | References: 1
Akamai Blog
added 2018/11/27 5:22 p.m. | 79 views

Overcoming OpenStack Obstacles for vCDN at the Edge

Akamai and Wind River have collaborated to provide a validated, joint solution for virtual CDN services delivered with the reliability, scalability, and edge-optimized footprint that are required for cost-effective deployments in telecom networks. As the competition for viewers continues to heat...

AI score 0.2
Exploits: 0
Fedora
added 2018/11/21 3:14 a.m. | 19 views

[SECURITY] Fedora 28 Update: kio-extras-18.08.3-1.fc28

Additional components to increase the functionality of KIO Framework...

CVSS 7.5 | AI score 2.1 | EPSS 0.00265
Exploits: 0
Fedora
added 2018/11/19 2:22 a.m. | 26 views

[SECURITY] Fedora 29 Update: kio-extras-18.08.3-1.fc29

Additional components to increase the functionality of KIO Framework...

CVSS 7.5 | AI score 2.1 | EPSS 0.00265
Exploits: 0