17 matches found
EUVD-2017-14228
Malware in sbrugna...
CVE-2020-14301
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpx...
Amazon Linux 2 : avahi (ALAS-2020-1502)
The version of avahi installed on the remote host is prior to 0.6.31-20. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1502 advisory. avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not...
NewStart CGSL CORE 5.04 / MAIN 5.04 : chrony Multiple Vulnerabilities (NS-SA-2020-0027)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has chrony packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service crash via a crafted 1...
Information disclosure
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles...
Ubuntu 14.04 LTS : Linux kernel (Wily HWE) vulnerabilities (USN-3017-3)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3017-3 advisory. USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement H...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3018-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3018-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2989-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2989-1 advisory. Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use th...
CVE-2014-0174
Cumin aka MRG Management Console, as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
openSUSE Security Update : kernel (openSUSE-SU-2011:0004-1)
The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2010-4347: A local user could inject ACPI code into the kernel via the world-writable 'customdebug' file, allowing local privilege escalation. CVE-2010-4258: A local attack...
eshtery CMS - FileManager.aspx Local File Disclosure
eshtery CMS - FileManager.aspx Local File Disclosure source: https://www.securityfocus.com/bid/65740/info eshtery CMS is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain...
CVE-2012-2845
Integer overflow in the jpegdataloaddata function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service buffer over-read and application crash or obtain potentially sensitive information via a crafted JPEG file...
openssh-server Forced Command Handling Information Disclosure Vulnerability
The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user accoun...
CVE-2011-4850
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by...
CVE-2011-2584
Cisco Show and Share 52, 5.21, and 5.22 before 5.22.1 allows remote attackers to access the 1 Encoders and Pull Configurations, 2 Push Configurations, 3 Video Encoding Formats, and 4 Transcoding administration pages, and cause a denial of service live event outage or obtain potentially sensitive...
CVE-2006-2711
Secure Elements Class 5 AVR aka C5 EVM 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages...
Information disclosure
The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings...