1895 matches found
CVE-2019-12675 Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to...
CVE-2019-12674 Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to...
CVE-2019-12675 Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to...
Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to...
CVE-2019-7618
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user...
CVE-2019-7618
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user...
Code injection
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user...
CVE-2019-7618
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user...
U.S. Dept Of Defense: [CVE-2018-0296] Cisco VPN path traversal on the https://███ (████████████████)
A path traversal vulnerability was discovered in Cisco VPN that could allow unauthenticated users to disclose sensitive information such as VPN sessions and files. The vulnerability was assigned CVE-2018-0296. The vulnerability was fixed in updated versions of the software...
Qualys Cloud Platform 8.21.2 New Features
The upcoming release of the Qualys Cloud Platform VM, PC, version 8.21.2, includes several new features in Qualys Cloud Platform and support for multiple technologies in Qualys Policy Compliance. The 8.21.2 release is scheduled to go live on 16th Sept, 2019. See full 8.21.2 new features blog post...
CVE-2019-5461
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...
Input validation
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...
GitLab: Project Template functionality can be used to copy private project data, such as repository, confidential issues, snippets, and merge requests
I've found a three minor vulnerabilities which, when combined, allow an attacker to copy private repositories, confidential issues, private snippets, and then some. I'll go through the code path to explain the vulnerabilities and how they are combined. See the Proof of Concept section if you want...
CVE-2019-12386
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known b...
UBUNTU-CVE-2019-12386
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known b...
Cross site scripting
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known b...
RUSTSEC-2019-0014 Flaw in interface may drop uninitialized instance of arbitrary types
Affected versions of this crate would call Vec::setlen on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances. This could run Drop implementations on...
OPENSUSE-SU-2019:1913-1 Security update for mariadb, mariadb-connector-c
This update for mariadb and mariadb-connector-c fixes the following issues: mariadb: - Update to version 10.2.25 bsc1136035 - CVE-2019-2628: Fixed a remote denial of service by an privileged attacker bsc1136035. - CVE-2019-2627: Fixed another remote denial of service by an privileged attacker...
Invenio-App vulnerable to host header injection attack
APPALLOWEDHOSTS not always preventing host header injection Impact A possible host header injection attack have been identified in Invenio-App. For an attack to be possible, all conditions below must be met: 1. Your webserver must have been configured to route all requests to your application. 2...
IBM DB2 Input Validation Error Vulnerability
IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. An input validation error vulnerability exists in IBM DB2. An attacker could exploit this vulnerabilit...