29 matches found
KLA77550 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Memor...
ABB Cylon Aspect 3.08.01 Active Debug Data Exposure
ABB Cylon Aspect 3.08.01 auth/ Active Debug Code Vulnerability Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: 3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...
USN-6381-1: GNU binutils vulnerabilities
It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service memory exhaustion. CVE-2020-19724, CVE-2020-21490 It was discovered that GNU binutils was not properly performing bounds checks in several functions...
GitLab 15.0 < 15.8.5 / 15.9 < 15.9.4 / 15.10 < 15.10.1 (CVE-2023-1710)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of...
Ubuntu: Security Advisory (USN-5773-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Threat Round up for November 11 to 18
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Nov. 11 and Nov. 18. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
USN-5500-1: Linux kernel vulnerabilities
Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. CVE-2021-4197 Lin Ma discovered that the NFC Controller...
CVE-2021-37601
Prosody vulnerability CVE-2021-37601 affects muc.lib.lua and exposes the list of admins, members, owners, and banned entities for a Multi-User Chat in Prosody 0.11.0–0.11.9. The issue is an information-disclosure flaw that could be exploited remotely in some configurations. Upstream fix is availa...
Advantech iView NetworkServlet ztp_config_name SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet class. When parsing the ztpconfigname parameter, the process...
QiHang Media Web Digital Signage 3.0.9 Password Disclosure Vulnerability
QiHang Media Web Digital Signage version 3.0.9 suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack. QiHang Media Web QH.aspx Digital Signage 3.0.9...
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in PHP (CVE-2019-11045, CVE-2019-11044, CVE-2019-11046)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-11045 DESCRIPTION: PHP could allow a remote attacker to bypass security restrictions, caused by an issue when DirectoryIterator class accepts filenames with embedded \0 byte and treats them ...
Information disclosure
Some Brother printers such as the HL-L8360CDW v1.20 were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL...
Security Bulletin: Vulnerabilities CVE-2017-12613 and CVE-2017-12618 in the IBM i HTTP Server affect IBM i.
Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-12613 DESCRIPTION: Apache Portable Runtime APR could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds array dereference in aprtimeexp...
USN-3596-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain...
Microsoft Graphics Component Multiple Vulnerabilities (4013075)
This host is missing a critical security update according to Microsoft Bulletin MS17-013. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2016-9189
CVE-2016-9189 concerns Pillow (Python Imaging Library fork). Affected: Pillow versions before 3.3.2. Root cause: integer overflow in Image.core.map_buffer within map.c that can be exploited via crafted image files. Impact: information disclosure (partial confidentiality) per CVSS data; local expl...
Mozilla Firefox < 49.0.2 Multiple Vulnerabilities
Binary data 9751.prm...
PHP 5.6.x < 5.6.19 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.19. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists in file ext/wddx/wddx.c in the phpwddxpopelement function when handling XML data. An unauthenticated,...
Multiple Vendor SNMP public Community String Information Disclosure
Nessus was able to enumerate sensitive information on the remote device by sending SNMP requests using 'public' as the SNMP community string. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid74091; scriptversion"$Revision: 1.2 $"; scriptcvsdate"$Date: 2015/09/24 23:21:...
tomcat6 security update
CentOS Errata and Security Advisory CESA-2014:0429 Updated tomcat6 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...