7872 matches found
CVE-2018-17961
CVE-2018-17961 affects Artifex Ghostscript 9.25 and earlier. It enables sandbox bypass via vectors involving errorhandler setup, saved execution stacks, or the 1Policy operator, potentially allowing code execution or sandbox escape when processing crafted PostScript. The issue is related to an in...
CVE-2018-17961
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183...
CVE-2018-17961
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183...
CVE-2018-17961
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183...
UBUNTU-CVE-2018-17961
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183...
Threat Roundup for October 5 to October 12
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Oct. 5 and 12. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...
Docker TOR Hidden Service - Easily Setup A Hidden Service Inside The Tor Network
Easily run a hidden service inside the Tor network with this container Generate the skeleton configuration for you hidden service, replace for your hidden service pattern name. Example, if you want to your hidden service contain the word 'boss', just use this word as argument. You can use regular...
Security update for gitolite (moderate)
This update for gitolite fixes the following issues: Gitolite was updated to 3.6.9: - CVE-2018-16976: prevent racy access to repos in process of migration to gitolite boo1108272 - 'info' learns new '-p' option to show only physical repos as opposed to wild repos The update to 3.6.8 contains: - fi...
CVE-2018-9501
In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1...
How to use GPMC to manage Citrix Policies (GPOs) for your DaaS environment
This article describes the required steps to be able to correctly setup and configure the management of Citrix Policies using Microsoft's Group Policy Management Console gpmc from a machine other than a Citrix Delivery Controller DDC...
Circontrol CirCarLife Information Disclosure Vulnerability (CNVD-2018-20063)
Circontrol CirCarLife is a parking lot automation system from Circontrol, Spain. A security vulnerability exists in Circontrol CirCarLife versions prior to 4.3, which originates from the program storing sensitive information elements in JSON format in the /services/system/setup.json file. An...
SUSE-SU-2018:2902-1 Security update for yast2-smt
This update fixes the following issues in yast2-smt: - Explicitly mention 'Organization Credentials' fate321759 - Rearrange the SMT set-up dialog bsc977043 - Added missing translation marks bsc1037811 - Remove cron job rescheduling bsc1097560 This update is a requirement for the security update f...
Information disclosure
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information...
CVE-2018-16672
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information...
CVE-2018-16672
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information...
CVE-2018-17400
The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. NOTE: the vendor says that, to exploit this, the user has to...
CVE-2018-17403
The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibili...
CVE-2018-17403
PhonePe wallet (com.PhonePe.app) on Android, versions 3.0.6–3.3.26, is vulnerable to user impersonation and unauthorized account setup via a malicious app that users must explicitly install and grant Accessibility permission to. This capability relies on the Android Accessibility framework and is...
PT-2018-14013 · Phonepe · Phonepe
Name of the Vulnerable Software and Affected Versions: PhonePe wallet aka com.PhonePe.app versions 3.0.6 through 3.3.26 Description: The issue might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. To...
CVE-2013-7203
gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup...