314 matches found
Ubuntu 16.04 LTS : Linux (HWE) vulnerabilities (USN-3617-2)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3617-2 advisory. USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement H...
CVE-2018-4172
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving a backup restore...
CVE-2018-4123
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves alarm and timer handling in the "Clock" component. It allows physically proximate attackers to discover the iTunes e-mail address...
Code injection
The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering 1 social-engineering attacks in which a user pastes code that they do not understand and 2 code pasted by a physically proximate attacker at an unattended workstation, which makes...
CVE-2018-6353
The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering 1 social-engineering attacks in which a user pastes code that they do not understand and 2 code pasted by a physically proximate attacker at an unattended workstation, which makes...
CVE-2018-6353
The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering 1 social-engineering attacks in which a user pastes code that they do not understand and 2 code pasted by a physically proximate attacker at an unattended workstation, which makes...
Design/Logic Flaw
DISPUTED HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but mor...
Ubuntu: Security Advisory (USN-3485-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-3485-3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3485-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3485-2 advisory. USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...
CVE-2015-6839
The CVE-2015-6839 entry concerns MSA vot.Ar 3.1, where the parse function fails to prevent a candidate from receiving multiple votes. The underlying issue is a vulnerability in the parsing logic that allows an RFID ballot tag crafted by an attacker in close physical proximity to cause multiple vo...
CVE-2015-6839
The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag...
Input validation
ovirtsafedeleteconfig in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary...
CVE-2014-8170
ovirtsafedeleteconfig in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary...
CVE-2014-8170
CVE-2014-8170 affects ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3. The issue stems from ovirt_safe_delete_config in ovirtfunctions.py (and other locations) not properly quoting input strings, enabling arbitrary command execution when a semicolon is included in...
Design/Logic Flaw
The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey devices allows physically proximate attackers to read arbitrary files by pressing "EXIT, Down, Down, 2" on an RF4CE remote to reach the diagnostic display, and then launching a Remote Web Inspector script...
Design/Logic Flaw
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation...
CVE-2017-8879
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation...
CVE-2016-6338
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager aka RHEV-M for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries...
Design/Logic Flaw
The web interface in Red Hat QuickStart Cloud Installer QCI 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display...