9149 matches found

CNVD
added 2017/12/19 12:00 a.m. | 1 view

Quest NetVault Backup 'NVBUBackupOptionSet Get' Method SQL Injection Vulnerability

Quest NetVault Backup is a suite of data backup software from Quest Software, USA. An SQL injection vulnerability exists in the handling of NVBUBackupOptionSet Get method requests in Quest NetVault Backup, which stems from the program failing to properly validate user-submitted strings before...

CVSS 9.8 | AI score 8.6 | EPSS 0.14875
Exploits: 0 | References: 1

OSV
added 2017/12/17 12:00 a.m. | 0 views

UBUNTU-CVE-2017-16997

elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath...

CVSS 7.8 | AI score 7.1 | EPSS 0.01133
Exploits: 0 | References: 6

CNVD
added 2017/12/12 12:00 a.m. | 1 view

HDF5 De-Zero Vulnerability

HDF5 is a free suite of tools for managing the storage of different types of data that can be managed, manipulated, viewed, analyzed, and generated in portable formats. A security vulnerability exists in the 'H5T_set_loc' function in the H5T.c file of the libhdf5.a text in HDF5 version 1.10.1. An...

CVSS 6.5 | AI score 6.7 | EPSS 0.00433
Exploits: 0 | References: 1

OSV
added 2017/12/11 3:29 a.m. | 1 view

DEBIAN-CVE-2017-17508

In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file...

CVSS 6.5 | AI score 6.8 | EPSS 0.00433
Exploits: 0 | References: 1

ATTACKERKB
added 2017/12/08 5:29 a.m. | 2 views

CVE-2017-17463

Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and pskwepkey fields...

CVSS 7.5 | AI score 5.5 | EPSS 0.00315
Exploits: 0 | References: 2

CNVD
added 2017/11/24 12:00 a.m. | 1 view

Arbitrary File Deletion Vulnerability in the Pelco Sarix Pro Webcam set_param Program

Pelco Sarix Professional is a video camera. An arbitrary file deletion vulnerability exists in the Pelco Sarix Pro webcam set_param program. The vulnerability is caused by the program not checking filenames when processing parameters, which can be exploited by an attacker to delete arbitrary...

AI score 7
Exploits: 0

CNVD
added 2017/11/24 12:00 a.m. | 1 view

Command Execution Vulnerability in the set_param Program of the Pelco Sarix Pro Network Camera

Pelco Sarix Professional is a video camera. A command execution vulnerability exists in the Pelco Sarix Pro network camera set_param program. The vulnerability is caused by the program not performing security checks on user-submitted parameters, allowing an attacker to take full control of the...

AI score 7.5
Exploits: 0

BDU FSTEC
added 2017/11/23 12:00 a.m. | 1 view

A vulnerability in the packet_set_ring function in the kernel of Linux operating systems allows an attacker to increase their privileges, cause service failures, or execute arbitrary code.

The vulnerability in the packet_set_ring function of the Linux operating system's kernel is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor who has local privileges as CAP_NET_RAW to create PF_PACKET sockets, trigger race conditions and memory usage...

CVSS 7.8 | EPSS 0.00056
Exploits: 16 | References: 36 | Affected Software: 2

BDU FSTEC
added 2017/11/23 12:00 a.m. | 0 views

The vulnerability of the ALEOS software, a wireless modem from Sierra Wireless, allows a hacker to gain access to the system by exploiting pre-installed credentials.

The vulnerability of the ALEOS software for the Sierra Wireless AirLink GX 440 wireless modem lies in the use of pre-set login credentials. Exploiting this vulnerability allows a malicious actor to gain access to the system with privileges of one of the users: admin, rauser, sconsole, or user, by...

CVSS 10 | EPSS 0.00028
Exploits: 1 | References: 2 | Affected Software: 1

OpenVAS
added 2017/11/21 12:00 a.m. | 22 views

Octopus Deploy XSS Vulnerability

Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and...

CVSS 5.4 | AI score 5.4 | EPSS 0.0015
Exploits: 1 | References: 1

OSV
added 2017/11/16 10:29 p.m. | 2 views

DEBIAN-CVE-2017-11089

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when a user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes...

CVSS 7.5 | AI score 7.1 | EPSS 0.00643
Exploits: 0 | References: 1

Prion
added 2017/11/16 10:29 p.m. | 14 views

Buffer overflow

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies" and "csr_roam_issue_ft_preauth_req" due to incorrect initialization of WEXT callbacks and lack of the checks for...

CVSS 4.6 | AI score 8.4 | EPSS 0.00017
Exploits: 0 | References: 2

OSV
added 2017/11/16 12:00 a.m. | 0 views

UBUNTU-CVE-2017-11089

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when a user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes...

CVSS 7.5 | AI score 7 | EPSS 0.00643
Exploits: 0 | References: 5

seebug.org
added 2017/11/16 12:00 a.m. | 30 views

Microsoft Edge: Memory corruption with Object.setPrototypeOf(CVE-2017-8751)

I accidentally found this while trying to reproduce another bug in Edge. Failed to reproduce on Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393. Tested on Microsoft Edge 40.15063.0.0, Microsoft EdgeHTML 15.15063 Insider Preview. Crash Log: First chance exceptions are reported before a...

CVSS 7.6 | AI score 7.6 | EPSS 0.53999
Exploits: 4

NVD
added 2017/11/14 3:29 a.m. | 8 views

CVE-2017-16810

Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter...

CVSS 5.4 | AI score 5.4 | EPSS 0.0015
Exploits: 1 | References: 1

Prion
added 2017/11/14 3:29 a.m. | 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter...

CVSS 3.5 | AI score 5.4 | EPSS 0.0015
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2017/11/14 3:29 a.m. | 2 views

CVE-2017-16810

Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter...

CVSS 5.4 | AI score 5.9 | EPSS 0.0015
Exploits: 1 | References: 1

CNVD
added 2017/11/14 12:00 a.m. | 0 views

Octopus Deploy 'Variable Set Name' Parameter Cross-Site Scripting Vulnerability

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A cross-site scripting vulnerability exists in the All Variables tag in Octopus Deploy versions 3.4.0-3.13.6. A remote attacker can exploit this vulnerability to inject arbitrary web script or...

CVSS 5.4 | AI score 6 | EPSS 0.0015
Exploits: 1 | References: 1

OSV
added 2017/10/31 7:29 p.m. | 1 view

CVE-2017-10946

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 6.1 | EPSS 0.00367
Exploits: 0 | References: 2

UbuntuCve
added 2017/10/30 2:29 p.m. | 17 views

CVE-2015-0224

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203...

CVSS 7.5 | AI score 6.8 | EPSS 0.5601
Exploits: 0 | References: 1