2272 matches found

Cvelist
added 2019/04/08 9:31 p.m. | 36 views

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...

7.2 AI score | 0.65005 EPSS
Exploits: 8 | References: 51

ATTACKERKB
added 2019/04/08 12:0 a.m. | 71 views

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...

7.8 CVSS | 1.9 AI score | 0.65005 EPSS
In wild | Exploits: 8 | References: 71

The Hacker News
added 2019/04/01 3:7 p.m. | 83 views

How Endpoint Management Can Keep Workplace IT Secure

Workplaces have become highly connected. Even a small business could have dozens of devices in the form of desktops, mobile devices, routers, and even smart appliances as part of its IT infrastructure. Unfortunately, each of these endpoints can now be a weak link that hackers could exploit. Hacke...

7.6 AI score
Exploits: 0

IBM Security Bulletins
added 2019/03/29 11:0 a.m. | 42 views

Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities

Summary IBM Event Streams has addressed the following vulnerabilities in the OpenSSL versions shipped. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature...

5.9 CVSS | 0.7 AI score | 0.12154 EPSS
Exploits: 4 | Affected Software: 1

Fedora
added 2019/03/28 5:41 p.m. | 48 views

[SECURITY] Fedora 30 Update: qemu-3.1.0-6.fc30

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherals. It can be used ...

7.8 CVSS | 0.5 AI score | 0.03725 EPSS
Exploits: 1

Fedora
added 2019/03/25 6:10 a.m. | 79 views

[SECURITY] Fedora 29 Update: qemu-3.0.0-4.fc29

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherals. It can be used ...

9.8 CVSS | 0.5 AI score | 0.06119 EPSS
Exploits: 2

CNVD
added 2019/03/22 12:0 a.m. | 4 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2019-08535)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 66. An attacker could exploit the vulnerability to bypass sandboxing protections and read neighboring data in Chrome's privileged...

7.5 CVSS | 8.6 AI score | 0.01127 EPSS
Exploits: 0 | References: 1

OSV
added 2019/03/21 4:0 p.m. | 1 views

CVE-2018-17493

eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other...

7.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1

Prion
added 2019/03/21 4:0 p.m. | 13 views

Code injection

eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the...

7.2 CVSS | 7.6 AI score | 0.00384 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2019/03/21 4:0 p.m. | 15 views

Design/Logic Flaw

eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the...

7.2 CVSS | 7.6 AI score | 0.00384 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2019/03/20 12:0 a.m. | 2 views

eVisitorPass Elevation of Privilege Vulnerability

Threshold eVisitorPass is a visitor management system from Threshold Canada. A privilege-lifting vulnerability exists in Threshold eVisitorPass version 1.5.5.2. A local attacker could use this vulnerability to open the task manager, terminate processes, or start other processes...

8.4 CVSS | 6.6 AI score | 0.00384 EPSS
Exploits: 0 | References: 1

Cvelist
added 2019/03/19 7:47 p.m. | 16 views

CVE-2018-17493

eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other...

8.4 CVSS | 8.3 AI score | 0.00384 EPSS
Exploits: 0 | References: 1

Hacker One
added 2019/03/18 8:14 a.m. | 8 views

Node.js third-party modules: [listening-processes] Command Injection

I would like to report Command Injection in listening-processes It allows an attacker to execute arbitrary commands. Module module name: listening-processes version: 1.2.0 npm page: https://www.npmjs.com/package/listening-processes Module Description A simple NPM module for retrieving pertinent...

2.1 AI score
Exploits: 0

0day.today
added 2019/03/16 12:0 a.m. | 376 views

Webmin 1.900 Upload Authenticated Remote Command Execution Exploit

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes proc privilege is set the user can...

0.6 AI score
Exploits: 0

Metasploit
added 2019/03/14 6:26 p.m. | 72 views

Webmin Upload Authenticated RCE

This module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the 'Running Processes' proc privilege is set the user can accurately...

7.8 CVSS | 8.5 AI score | 0.23689 EPSS
Exploits: 3

Tenable Nessus
added 2019/03/14 12:0 a.m. | 29 views

GLSA-201903-10 : OpenSSL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-10 OpenSSL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker to obtain sensitive information, caus...

5.9 CVSS | 7 AI score | 0.17139 EPSS
Exploits: 4 | References: 3

Tenable Nessus
added 2019/03/11 12:0 a.m. | 27 views

openSUSE Security Update : gdm (openSUSE-2019-310)

This update for gdm fixes the following issues : Security issue fixed : - CVE-2019-3825: Fixed a lock screen bypass when timed login was enabled bsc1124628. Other issues fixed : - GLX applications do not work well when the proprietary nvidia driver is used with a wayland session. Because of that...

6.9 CVSS | 6.7 AI score | 0.00504 EPSS
Exploits: 1 | References: 7

OPENSUSE Linux
added 2019/03/08 12:0 a.m. | 252 views

Security update for gdm (moderate)

openSUSE Security Update: Security update for gdm Announcement ID: openSUSE-SU-2019:0310-1 Rating: moderate References: 1112294 1112578 1113245 1113700 1120307 1124628 Cross-References: CVE-2019-3825 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has 5 fixes is...

6.9 CVSS | 6.8 AI score | 0.00504 EPSS
Exploits: 1 | References: 6

OpenVAS
added 2019/03/06 12:0 a.m. | 77 views

openSUSE: Security Advisory for supportutils (openSUSE-SU-2019:0293-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS | 6 AI score | 0.00503 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2019/03/06 12:0 a.m. | 23 views

openSUSE Security Update : supportutils (openSUSE-2019-293)

This update for supportutils fixes the following issues : Security issues fixed : - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. - CVE-2018-19639: Fixed a code...

7.8 CVSS | 6.8 AI score | 0.00503 EPSS
Exploits: 0 | References: 17