Microsoft Windows Kernel CVE-2018-0830 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

Privilege escalation

Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call ALPC, aka "Windows Elevation of Privilege Vulnerability"...

CVE-2017-11817

The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly...

Updated rt/perl-Encode packages fix security vulnerability

RT 4.0.0 and above are vulnerable to a limited privilege escalation leading to unauthorized modification of ticket data. The DeleteTicket right and any custom lifecycle transition rights may be bypassed by any user with ModifyTicket CVE-2012-4733. RT 3.8.0 and above include a version of bin/rt th...

Fedora Update for rt FEDORA-2017-2b7c896551

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for rt FEDORA-2017-475aed1bd1

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for rt FEDORA-2017-01ce69c6bf

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 25 : rt (2017-01ce69c6bf)

Security fix for CVE-2016-6127 CVE-2017-5361 CVE-2017-5943 CVE-2017-5944 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

[SECURITY] Fedora 25 Update: rt-4.4.1-9.fc25

RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitt ed by a community of users...

[SECURITY] Fedora 24 Update: rt-4.2.13-2.fc24

RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitt ed by a community of users...

CVE-2017-5361

Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack...

CVE-2017-5361

Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack...

CVE-2016-6127

CVE-2016-6127: In RT 4.x, an XSS vulnerability exists via file uploads when AlwaysDownloadAttachments is not enabled. Affected versions are RT 4.0.x up to 4.0.25, 4.2.x up to 4.2.14, and 4.4.x up to 4.4.2. Remote attackers can inject arbitrary web script/HTML through a file upload with an unspeci...

CVE-2017-5361

CVE-2017-5361 affects Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2. Root cause: RT did not use a constant-time comparison for secrets, enabling remote timing side-channel observations to leak sensitive password information. Impact: partial confidential...

CVE-2017-5943

CVE-2017-5943 affects Request Tracker (RT) 4.x series. A remote attacker can obtain CSRF verification tokens by sending a crafted URL, enabling leakage of token data. Affected versions include RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2. CVSS appears high (8.8) with network ...

FreeBSD : rt and dependent modules -- multiple security vulnerabilities (7a92e958-5207-11e7-8d7c-6805ca0b3d42)

BestPractical reports : Please reference CVE/URL list for details %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors Redistribution and us...

CVE-2017-8466

Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows improper elevation of privilege, aka "Windows Cursor Elevation of Privilege Vulnerability"...

rt and dependent modules -- multiple security vulnerabilities

BestPractical reports: Please reference CVE/URL list for details...

CVE-2016-7260

CVE-2016-7260 affects multiple Windows releases via a Win32k.sys/Win32k component elevation of privilege vulnerability. The kernel-mode drivers in Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8.1, 2012/2012 R2, RT 8.1, 10 (incl. 1511, 1607), and Server 2016 allow local users to gain privileg...

CVE-2016-0180

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles symbolic links, which allows local users to gain privileges via a crafted application, aka "Windows...