7666 matches found

0day.today
added 2018/06/25 12:00 a.m. | 41 views

Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24...

0.1 AI score
Exploits: 0

Zero Science Lab
added 2018/06/24 12:00 a.m. | 539 views

Ecessa Edge EV150 10.7.4 CSRF Add Superuser Exploit

Summary Internet Failover and Load Balancing for Small Businesses, Stores and Branch Offices. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain...

5.3 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits: 1

Prion
added 2018/06/19 5:29 a.m. | 17 views

Remote code execution

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safe_load when parsing user data, remote code execution can occur...

6.5 CVSS | 9 AI score | 0.025 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

OSV
added 2018/06/19 5:29 a.m. | 5 views

DEBIAN-CVE-2018-12565

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safe_load when parsing user data, remote code execution can occur...

8.8 CVSS | 8.3 AI score | 0.025 EPSS
Exploits: 0 | References: 1

OSV
added 2018/06/19 5:29 a.m. | 19 views

CVE-2018-12565

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safe_load when parsing user data, remote code execution can occur...

8.8 CVSS | 9.2 AI score
Exploits: 0 | References: 2

IBM Security Bulletins
added 2018/06/17 3:51 p.m. | 19 views

Security Bulletin: Tivoli Storage Manager Linux x86_64 Client Arbitrary DSO Load Elevation of Privileges (CVE-2014-6185)

Summary: A vulnerability in the IBM Tivoli Storage Manager (TSM) Linux x86_64 client could allow a local user to gain elevated privileges due to an arbitrary DSO load. Vulnerability Details: CVEID: CVE-2014-6185 DESCRIPTION: IBM Tivoli Storage Manager could allow a local attacker to trick one of the...

7.2 CVSS | 1.4 AI score | 0.0005 EPSS
Exploits: 0 | Affected Software: 3

IBM Security Bulletins
added 2018/06/16 9:17 p.m. | 59 views

Security Bulletin: Some versions of IBM Security Access Manager for Web are affected by the Heartbleed vulnerability (CVE-2014-0160)

Summary: IBM Security Access Manager (ISAM) for Web v8.0 introduced a layer 7 front end load balancer. The SSL framework used by this component exposes the 'heartbeat' TLS extension implemented through an affected version of OpenSSL and is therefore susceptible to the Heartbleed vulnerability...

7.5 CVSS | 0.1 AI score | 0.94464 EPSS
Exploits: 86 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 2:18 p.m. | 35 views

Security Bulletin: IBM Netezza Host Management is affected by the vulnerabilities known as Spectre and Meltdown.

Summary IBM Netezza Host Management is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details CVEI...

5.6 CVSS | 6.8 AI score | 0.9427 EPSS
Exploits: 10 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:06 p.m. | 19 views

Security Bulletin: Unauthorized Access to user data vulnerability in DB2 during certain LOAD operations (CVE-2014-4805)

Summary: During certain LOAD operations into Columnar Data Engine (CDE) tables, a temporary file containing user data may be created at the DB2 server. As the file only exists for the duration of the LOAD operation and is automatically removed on completion (both success and error), the vulnerability...

2.1 CVSS | 6 AI score | 0.0005 EPSS
Exploits: 0 | Affected Software: 1

CNVD
added 2018/06/14 12:00 a.m. | 3 views

Safe'N'Sec SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure and SoftControl/SafenSoft Enterprise Unauthorized Operation Vulnerabilities

Safe'N'Sec SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise are Russian Safe'N'Sec's proactive malware defense applications. A vulnerability exists in the snscore.sys file in Safe'N'Sec SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft...

7.1 CVSS | 6.7 AI score | 0.0004 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2018/06/13 8:29 p.m. | 27 views

CVE-2018-10850

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service...

7.1 CVSS | 6.9 AI score | 0.01544 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2018/06/12 12:00 a.m. | 44 views

Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2018-1037) (Spectre)

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

5.5 CVSS | 7.1 AI score | 0.46733 EPSS
Exploits: 2 | References: 2

Tenable Nessus
added 2018/06/12 12:00 a.m. | 59 views

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2018-1039) (Spectre)

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

5.5 CVSS | 7.1 AI score | 0.46733 EPSS
Exploits: 2 | References: 2

OSV
added 2018/06/11 9:29 p.m. | 0 views

CVE-2016-5298

A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox 50...

6.5 CVSS | 7.3 AI score
Exploits: 0 | References: 4

Debian CVE
added 2018/06/11 9:00 p.m. | 22 views

CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbi...

6.1 CVSS | 7.8 AI score | 0.00817 EPSS
Exploits: 1

Wallarm Lab
added 2018/06/08 7:22 p.m. | 59 views

TensorFlow Dataset API for increasing training speed of neural networks

by M. Salnikov, Wallarm Research. Wallarm AI engine is the heart of our security solution. Two key parameters of our AI engine efficiency are how fast neural networks can be trained to reflect the updated training sets and how much compute power needs to be dedicated to the training on the on-going...

0.1 AI score
Exploits: 0

Amazon
added 2018/06/08 12:00 a.m. | 55 views

Important: kernel

Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code...

5.6 CVSS | 7.5 AI score | 0.46733 EPSS
Exploits: 7

Amazon
added 2018/06/08 12:00 a.m. | 41 views

Important: java-1.8.0-openjdk

Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code...

5.5 CVSS | 7.3 AI score | 0.46733 EPSS
Exploits: 2

Amazon
added 2018/06/08 12:00 a.m. | 48 views

Important: java-1.7.0-openjdk

Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code...

5.5 CVSS | 7.3 AI score | 0.46733 EPSS
Exploits: 2

Amazon
added 2018/06/08 12:00 a.m. | 65 views

Important: java-1.8.0-openjdk

Issue Overview: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code...

5.5 CVSS | 7.3 AI score | 0.46733 EPSS
Exploits: 2