CVE-2019-17577
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails fields 'Errors-To' in emails sent" field...
CVE-2019-17577
CVE-2019-17577 affects Dolibarr 10.0.2 with a stored XSS in the outgoing email setup: in /admin/mails.php?action=edit, via the Email used for error returns emails field (Errors-To). Nessus entries similarly describe Dolibarr 10.0.2 as vulnerable with no vendor patch reported in those records. No ...
PT-2019-15211 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 10.0.2. Description: The issue is related to a cross-site scripting (XSS) problem. It occurs via the "outgoing email setup" feature, specifically in the "admin/mails.php?action=edit" URI, through the "Sender email for automatic...
PT-2019-15210 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 10.0.2 Description: The issue is related to a security problem where an attacker can inject malicious code. This is possible through the 'outgoing email setup' feature, specifically in the admin/mails.php?action=edit URI, by...
Podman / Varlink Remote Code Execution
pickletime.py: Podman + Varlink Insecure Config Remote Exploit. Jeremy Brown [jbrown3264/gmail] @ Oct 2019. Details: Podman is a container engine / platform similar to Docker supported by RedHat and Fedora with Varlink being a protocol to exchange...
CVE-2019-1316
An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'...
Privilege escalation
An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'...
CVE-2019-1316
Technical details are not publicly available in the provided documents. Monitor for updates and potential new information from official sources.
Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I)
1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable locally Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper privilege management 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local...
CVE-2018-20662
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...
Microsoft Windows Setup Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To...
KB4520004: Windows 10 Version 1709 October 2019 Security Update
The remote Windows host is missing security update 4520004. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. CVE-2019-1340 - A spoofing vulnerability exists...
KB4519338: Windows 10 Version 1809 and Windows Server 2019 October 2019 Security Update
The remote Windows host is missing security update 4519338. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt...
Security update for singularity (moderate)
openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2019:2288-1 Rating: moderate References: 1125369 1128598 Cross-References: CVE-2019-11328 Affected Products: openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that solves one vulnerability and h...
USN-4147-1 linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART...
Security Bulletin: IBM Cloud Private for Data is affected by vulnerabilities in the Setup package. CVE-2018-1113
Summary IBM Cloud Private for Data is affected by vulnerabilities in the Setup Project that could allow a remote attacker to bypass security restrictions. Vulnerability Details CVEID: CVE-2018-1113 DESCRIPTION: Setup Project could allow a remote attacker to bypass security restrictions, caused by...
The vulnerability in the implementation of ISDN functions in the Cisco IOS XE operating system for Cisco 4000 Series Integrated Services Routers allows an attacker to transmit IPv4 traffic through an unauthenticated ISDN connection for several seconds, from the initial setup of the ISDN connection until a failure in authentication of the PPP connection occurs.
The vulnerability of the Cisco IOS XE operating system’s ISDN function implementation for Cisco 4000 Series Integrated Services Routers is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to transmit IPv4 traffic through an unauthenticated...
Fedora 29 : phpMyAdmin (2019-3b5a7abe17)
Upstream announcement : Welcome to phpMyAdmin 4.9.1, a bugfix release. This is a regularly-scheduled bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for thi...