CVE-2022-0677
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools in relay role, GravityZone in Update Server role allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to...
Cross site request forgery (csrf)
An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cooki...
Security fix for the ALT Linux 10 package apache2 version 1:2.4.50-alt1
Oct. 7, 2021 Anton Farygin 1:2.4.50-alt1 - 2.4.50 Fixes: CVE-2021-41773, CVE-2021-41524...
PT-2021-17153
Name of the Vulnerable Software and Affected Versions: OpenPLC ScadaBR versions through 0.9.1 on Linux and through 1.12.4 on Windows. Description: OpenPLC ScadaBR is affected by a stored cross-site scripting (XSS) vulnerability in the system_settings.shtm file. This flaw allows attackers to execute...
Intel Graphics Drivers Input Validation Error Vulnerability
Intel is an American company that develops CPUs and is the world's largest manufacturer of personal computer parts and CPUs. Intel® Graphics Drivers Integer Overflow Vulnerability, an integer overflow vulnerability in the firmware of some Intel® Graphics Drivers for Windows prior to version...
Security fix for the ALT Linux 10 package helm version 3.4.1-alt1
Nov. 23, 2020 Aleksei Nikiforov 3.4.1-alt1 - Updated to upstream version 3.4.1 Fixes: CVE-2020-4053, CVE-2020-11013, CVE-2020-15184, CVE-2020-15185, CVE-2020-15186, CVE-2020-15187...
CVE-2019-19455
Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in /usr/local/WowzaStreamingEngine/manager/bin/ in the Linux version of the server by writing arbitrary commands in any file and execute them as root. This issue was...
CVE-2018-3933
An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 6,1,2018,0312. A crafted Microsoft Word DOC document can lead to an out-of-bounds write, resulting in remote cod...
PT-2018-2560 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.17.7 Description: The issue exists due to insufficient input validation in the yurex USB driver, specifically in the yurex_read function within the drivers/usb/misc/yurex.c file. This can be exploited by local...
CVE-2017-12549
A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found...
7-Zip and p7zip Memory Corruption Vulnerability
7-Zip is a free, open source compression/decompression software. p7zip is its version for Linux-based platforms. A security vulnerability exists in the NCompress::NRar3::CDecoder::Code method in 7-Zip prior to version 18.00 and p7zip, which stems from the program's failure to properly handle...
Commvault Communications Service (cvd) - Command Injection Exploit
Exploit for windows platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Commvault Communications Service cvd Command...
HackerOne: ImageMagick GIF coder vulnerability leading to memory disclosure
Hello HackerOne Security Team, Well, we are aware of ImageMagick GIF parser method to collect the pixels and then we can recover it to gain server information. https://github.com/neex/gifoeb However, it has no impact on HackerOne since it's immune to gif files uploading functionality. So, ,gif...
Security fix for the ALT Linux 10 package thunderbird version 52.5.2-alt1
Dec. 25, 2017 Andrey Cherepanov 52.5.2-alt1 - New version 52.5.2 - Enigmail 1.9.9 - Fixes: + CVE-2017-7846 JavaScript Execution via RSS in mailbox:// origin + CVE-2017-7847 Local path string can be leaked from RSS feed + CVE-2017-7848 RSS Feed vulnerable to new line Injection + CVE-2017-7829...
Command injection
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors...
CVE-2016-8019
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input...
PT-2016-7183 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 18.0.0.382 Adobe Flash Player versions 19.x through 23.x before 23.0.0.185 Adobe Flash Player versions prior to 11.2.202.637 on Linux Description: The issue allows attackers to execute arbitrary code by...
PT-2016-5879 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 18.0.0.375 Adobe Flash Player versions 19.x through 23.x before 23.0.0.162 Adobe Flash Player versions prior to 11.2.202.635 on Linux Description: An integer overflow issue allows attackers to execute...
PT-2016-2425 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 18.0.0.366 Adobe Flash Player versions 19.x through 22.x before 22.0.0.209 Adobe Flash Player version before 11.2.202.632 on Linux Description: The issue is related to the lack of protection for internal...
Vulnerability of software platforms such as Flash Player and Flash Player for Linux, which allows attackers to compromise the integrity, accessibility, and confidentiality of information.
The vulnerabilities of the Flash Player and Flash Player for Linux are related to errors in the code. Exploiting these vulnerabilities can allow a malicious actor to compromise the integrity, accessibility, and confidentiality of information...