167 matches found
CVE-2018-19358
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms involving the busconf...
PT-2018-14941 · Gnome +2 · Gnome Keyring +2
Name of the Vulnerable Software and Affected Versions: GNOME Keyring versions prior to 3.28.2 Description: The issue allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked. This occurs because available D-Bus protection...
Security Bulletin: IBM PowerVC is impacted by OpenStack Glance server-side request forgery (CVE-2017-7200)
Summary IBM PowerVC may disclose some sensitive information while creating images with 'copyfrom' feature in the v1 Image Service API. Vulnerability Details CVEID: CVE-2017-7200 DESCRIPTION: OpenStack Glance is vulnerable to server-side request forgery, caused by a flaw in the 'copyfrom' feature ...
Double free
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, incorrect error handling could lead to a double fre...
CVE-2017-10037
Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware subcomponent: Web Service API. Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI...
Code injection
Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware subcomponent: Web Service API. Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI...
CVE-2017-10037
CVE-2017-10037 is a vulnerability in Oracle Fusion Middleware’s Oracle BI Publisher (Web Service API subcomponent). Affected are BI Publisher versions 11.1.1.7.0 and 11.1.1.9.0. An unauthenticated attacker with network access via HTTP can compromise BI Publisher, potentially enabling unauthorized...
Unspecified Vulnerability in Oracle BI Publisher (CNVD-2017-31688)
Oracle Fusion Middleware Oracle Fusion Middleware is a set of Oracle's business innovation platform for enterprise and cloud environments, which provides middleware, software collections, etc. Oracle BI Publisher formerly known as XML Publisher is one of the reporting component. An unspecified...
CVE-2017-7200
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...
CVE-2017-7200
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...
CVE-2017-7200
The copyfrom feature in Image Service API v1 allows an attacker to perform masked network port scans. It is possible to create images with a URL such as 'http://localhost:22'. This could allow an attacker to enumerate internal network details while appearing masked, because the scan appears to...
Unspecified Vulnerability in Oracle Java SE (CNVD-2015-06828)
Oracle Java SE is the standard version of the Java platform is a Java2 platform to provide users with a program development environment. Oracle Java SE 6u101,7u85 8u60,Java SE Embedded 8u51, An unspecified vulnerability exists. Allows remote attackers to affect confidentiality via vectors...
Foreman Security Mechanism Bypass Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. A security vulnerability exists in Foreman versions prior to 1.7.5. A remote attacker could exploit this...
[RT-SA-2013-003] Endeca Latitude Cross-Site Scripting
Advisory: Endeca Latitude Cross-Site Scripting RedTeam Pentesting discovered a Cross-Site Scripting XSS vulnerability in Endeca Latitude. By exploiting this vulnerability an attacker is able to execute arbitrary JavaScript code in the context of other Endeca Latitude users. Details ======= Produc...
Fedora Update for openstack-keystone FEDORA-2014-4903
Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2014-4903 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Windows Manage Driver Loader
This module loads a KMD Kernel Mode Driver using the Windows Service API. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SERVICEDEMANDSTART', 'boot' = 'SERVICEBOOTSTART', 'auto' =...
Fedora Update for openstack-keystone FEDORA-2013-20373
Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2013-20373 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for openstack-keystone FEDORA-2013-10713
Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2013-10713 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for openstack-keystone FEDORA-2013-2168
Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2013-2168 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Moderate: Red Hat Security Advisory: openstack-keystone security, bug fix, and enhancement update
Updated openstack-keystone packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...