487 matches found
CVE-2018-6965
VMware ESXi 6.7 before ESXi670-201806401-BG, Workstation 14.x before 14.1.2, and Fusion 10.x before 10.1.2 contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user...
CVE-2018-6966
VMware ESXi 6.7 before ESXi670-201806401-BG, Workstation 14.x before 14.1.2, and Fusion 10.x before 10.1.2 contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user...
Out-of-bounds
VMware ESXi 6.7 before ESXi670-201806401-BG, Workstation 14.x before 14.1.2, and Fusion 10.x before 10.1.2 contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user...
Design/Logic Flaw
ONOS Controller version 1.13.1 and earlier contains a Denial of Service (service crash) vulnerability in the OVSDB component that can result in an adversary remotely crashing the OVSDB service of the ONOS controller via a normal switch. This attack appears to be exploitable via the attacker should b...
CVE-2018-8209
An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
Authentication Bypass Vulnerability in Huawei iBMC Products
Huawei iBMC system is a server remote management system from Huawei, China. An authentication bypass vulnerability exists in the Huawei iBMC product. The vulnerability is due to improper verification of upload privileges, where a remote attacker with normal user privileges could upload...
Arbitrary file read vulnerability in CMS Made Simple backend for normal users
CMS Made Simple is an open source content management system. It is built using PHP and the Smarty engine, which separates content, functionality and templates. In CMS Made Simple version 2.2.7, the backend file preview has an arbitrary file read vulnerability; an attacker can...
PVS Targets experience slow boot
Scenario 1: After PVS software is upgraded, Provisioning Services Target Devices that are using a BOOT.ISO to boot experience an unusually slow boot time. The Targets can take anywhere from five to twenty minutes to boot. After the Target Device finally boots and it reaches the Windows Login...
CVE-2018-5135
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox 59...
CVE-2018-1000080
Ajenti version 2 contains an Insecure Permissions vulnerability in Plugins download that can result in the download of any plugins as a normal user. This attack appears to be exploitable by knowing how the request is made and sending it as a normal user; the server, in...
PYSEC-2018-109
Ajenti version 2 contains an Insecure Permissions vulnerability in Plugins download that can result in the download of any plugins as a normal user. This attack appears to be exploitable by knowing how the request is made and sending it as a normal user; the server, in...
Authorization
Ajenti version 2 contains an Insecure Permissions vulnerability in Plugins download that can result in the download of any plugins as a normal user. This attack appears to be exploitable by knowing how the request is made and sending it as a normal user; the server, in...
CVE-2014-9733
nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote attackers to have unspecified impact via unknown vectors...
macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities
LAS VEGAS—The FruitFly backdoor became a known entity in January, but it’s a good bet that for years it had been in the wild, undetected by analysts and security software. The macOS and OS X malware has a number of insidious spying capabilities that would make anyone uneasy, and a variant recentl...
CVE-2017-9340
An attacker who is logged in as a normal user can somehow make an admin delete shared folders in ownCloud Server before 10.0.2...
PT-2017-18855 · Owncloud · Owncloud Server
Name of the Vulnerable Software and Affected Versions: ownCloud Server versions prior to 10.0.2 Description: An attacker with normal user privileges can potentially delete shared folders in ownCloud Server. Recommendations: For versions prior to 10.0.2, update to version 10.0.2 or later to resolv...
CVE-2016-8751
Apache Ranger before 0.6.3 is vulnerable to Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store arbitrary JavaScript code to be executed when normal users log in and access policies...