165 matches found
March 5, 2019, update for Access 2010 (KB4018363)
March 5, 2019, update for Access 2010 KB4018363 This article describes update 4018363 for Microsoft Access 2010 that was released on March 5, 2019.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2010. It doesn't apply to th...
CVE-2019-17497
Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files a related issue to CVE-2018-4993. For example, an NTLM hash is sent for a link to \192.168.0.2\C$\file.pdf without user interaction...
PT-2019-7670 · WordPress · Wp-Database-Backup
Name of the Vulnerable Software and Affected Versions: wp-database-backup plugin versions prior to 4.3.3 Description: The issue concerns a CSRF problem in the wp-database-backup plugin for WordPress. Recommendations: For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the iss...
TheHive Elevation of Privilege Vulnerability
TheHive is a scalable open source security incident response platform. An elevation of privilege vulnerability exists in the User API in versions of TheHive prior to 2.13.4 and 3.x prior to 3.3.1, which can be exploited by an attacker with read-only or read/write access to escalate privileges to...
CVE-2018-14746
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS...
CVE-2018-14749
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS...
CVE-2017-13072
Cross-site scripting XSS vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code...
CVE-2018-2742
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite subcomponent: Framework. Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
PYSEC-2017-53
Cross-site scripting XSS vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1...
UBUNTU-CVE-2017-14058
In FFmpeg 2.4 and 3.3.3, the readdata function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service infinite loop...
BUFFALO WAPM-1166D and WAPM-APG600H Cross-Site Request Forgery Vulnerabilities
The BUFFALO WAPM-1166D and WAPM-APG600H are both wireless LAN access point devices from BUFFALO Japan. A cross-site request forgery vulnerability exists in the WMR-433 using firmware version 1.02 and earlier and the WMR-433W using firmware version 1.40 and earlier. A remote attacker could exploit...
ElasticSearch X-Pack Security Information Disclosure Vulnerability
ElasticSearch X-Pack is an extension of the Elastic Stack log analysis system from the Dutch company Elasticsearch. security is one of the features used to control access rights. An information disclosure vulnerability exists in ElasticSearch X-Pack Security versions prior to 5.4.1 and versions...
systemd-resolved denial of service vulnerability
systemd-resolved is a system service used to manage network name resolution. A denial of service vulnerability exists in systemd-resolved version 233 and earlier. A remote attacker could use this vulnerability to cause a denial of service daemon crash with a specially crafted DNS response...
Stored XSS Cross-Site Scripting Vulnerability in Ocean CMS Version 6.33
Ocean CMS is an open source website builder. A stored XSS cross-site scripting vulnerability exists in Ocean CMS version 6.33. An attacker can exploit the vulnerability to inject arbitrary Web script or HTML...
Multiple Apple Products WebKit Homologation Policy Bypass Vulnerability
Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; and tvOS is an operating system for smart TVs. webKit is an open source web...
Multiple Apple Products WebKit Unauthorized Access Vulnerability
Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; and tvOS is an operating system for smart TVs. webKit is an open source web...
Multiple Apple Products WebKit Denial of Service Vulnerability
Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; and tvOS is an operating system for smart TVs. webKit is an open source web...
PT-2016-2721 · Apple · Os X +3
Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 9.3.3 Apple OS X versions prior to 10.11.6 Apple tvOS versions prior to 9.2.2 Apple watchOS versions prior to 2.2.2 Description: The issue is caused by a buffer overflow in the ImageIO component. This can be...
Unspecified Vulnerability in Oracle Supply Chain Products Suite Agile PLM Framework Component
Oracle Supply Chain Products Suite is a suite of supply chain solutions from Oracle that provides value chain planning, value chain execution, product lifecycle management, etc. Oracle Agile PLM Framework is one of the product lifecycle management PLM components. Oracle Agile PLM Framework is one...
Vulnerabilities of the Red Hat Linux operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information
The tcl-8.3.3 package of the Red Hat Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...