Fedora 30 : openqa / os-autoinst (2019-c404576415)
This update provides recent git snapshots of os-autoinst and openQA, with the usual slate of bug fixes and changes from upstream. Also, the AMQP plugin is now enabled, as the dependencies have been packaged into Fedora. The update also addresses some potential security issues. Note that Tenable...
CVE-2018-0445
A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-bas...
CVE-2018-0444
A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the...
Input validation
A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the...
Cross-site request forgery (CSRF)
A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-bas...
CVE-2018-0444
CVE-2018-0444 affects Cisco Packaged Contact Center Enterprise across the web-based management interface. The vulnerability is a stored XSS caused by insufficient validation of user-supplied input. An unauthenticated, remote attacker can lure a user to click a crafted link, potentially executing ...
CVE-2018-0445
Cisco Packaged Contact Center Enterprise (PCCE) web-based management interface is affected by a CSRF vulnerability due to insufficient protections. An unauthenticated, remote attacker could entice a user to follow a crafted link and perform arbitrary actions on the device with the user’s privileg...
CVE-2018-0445 Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-bas...
Cisco Packaged Contact Center Enterprise Cross-Site Request Forgery Vulnerability
Cisco Packaged Contact Center Enterprise is an omnichannel customer care solution. The product focuses on providing self-service Interactive Voice Response (IVR) and multi-channel automated call distribution. A cross-site request forgery vulnerability exists in the web-based administration interfac...
Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise
Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface or conduct a cross-site request forgery (CSRF) attack. For more...
Ubuntu 12.04 LTS : pam regression (USN-2935-3)
USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. We apologize for the...
CVE-2013-4116
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives...
Code injection
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives...
CVE-2013-4116
CVE-2013-4116 affects npm (lib/npm.js) prior to 1.3.3. The vulnerability allows a local user to overwrite arbitrary files by creating a symbolic link at a predictable temporary file name used during archive unpacking, enabling potential local privilege escalation. The issue is tied to how npm cre...