568 matches found
CVE-2018-4092
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended memory-read...
Acrolinx Server for Windows Path Traversal Vulnerability
Acrolinx Server for Windows is a Windows-based intelligent language analysis server from the German company Acrolinx. A path traversal vulnerability exists in versions of Acrolinx Server for Windows-based platforms prior to 5.2.5. No details of the vulnerability are available at this time...
CVE-2018-1000092
CMS Made Simple version 2.2.5 contains a Cross-Site Request Forgery (CSRF) vulnerability in the Admin profile page. Details can be found here: http://dev.cmsmadesimple.org/bug/view/11715. This attack appears to be exploitable via a specially crafted web page. This vulnerability...
UBUNTU-CVE-2018-1000079
RubyGems in the Ruby 2.2 series (2.2.9 and earlier), Ruby 2.3 series (2.3.6 and earlier), Ruby 2.4 series (2.4.3 and earlier) and Ruby 2.5 series (2.5.0 and earlier), prior to trunk revision 62422, contains a Directory Traversal vulnerability in gem installation that can result in the gem writing to...
CVE-2018-6200
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter...
IBM Tivoli Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2018-01129)
IBM Tivoli Key Lifecycle Manager enables you to locally create, distribute, back up, archive and manage the lifecycle of keys and certificates in your organization. An information disclosure vulnerability exists in IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7. The vulnerability arises becau...
IBM Tivoli Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2018-01130)
IBM Tivoli Key Lifecycle Manager enables you to locally create, distribute, back up, archive and manage the lifecycle of keys and certificates in your organization. An information disclosure vulnerability exists in IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7. The vulnerability arises becau...
CVE-2017-1727
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869...
Atlassian Bamboo Remote Code Execution Vulnerability (CNVD-2018-00579)
Atlassian Bamboo is a suite of continuous integration build tools from the Australian company Atlassian. The tools help development teams build, test, release and deploy projects using continuous delivery capabilities. A remote code execution vulnerability exists in Atlassian Bamboo versions prior to 6.1.6 an...
CVE-2017-17436
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and...
IBM InfoSphere BigInsights Clickjacking Vulnerability
IBM InfoSphere BigInsights is a suite of software platforms from IBM in the United States for storing and analyzing "Big Data". The platform provides solutions for managing and analyzing massive amounts of structured and unstructured data. A security vulnerability exists in IBM InfoSphere...
Blue Coat Malware Analysis Appliance and Malware Analyzer G2 Command Execution Vulnerability
The Blue Coat Malware Analysis Appliance (MAA) and Malware Analyzer G2 are both malware analysis appliances in Blue Coat's Advanced Threat Protection solution, which provides malware detonation and analysis, exposing zero-day threats and unknown malware, and sharing threat intelligence...
Shopware Content Management System Backend Module Cross-Site Scripting Vulnerability
Shopware is open source e-commerce software from the German company Shopware. The content management system backend module is one of its backend modules. A cross-site scripting vulnerability exists in the customer and order section of the content management system backend module in Shopwa...
NetApp Data ONTAP Denial of Service Vulnerability (CNVD-2017-30013)
NetApp Data ONTAP is a storage operating system from the American company NetApp. The system helps improve the performance of users' enterprise applications, the flexibility of the data center and so on. A security vulnerability exists in NetApp Data ONTAP versions prior to 8.2.5....
Electronic Funds Source Mobile Driver Source app for iOS Security Vulnerability
Electronic Funds Source (EFS) Mobile Driver Source app for iOS is an iOS-based EFS card management app. A security vulnerability exists in version 2.5 of the EFS Mobile Driver Source app for iOS, which is caused by the program failing to validate an X.509 certificate on the server side of an SSL...
Apache Struts Denial of Service Vulnerability (CNVD-2017-23348)
Apache Struts is an open source project maintained by the Apache Software Foundation in the United States. It is an open source MVC framework for creating enterprise-class Java web applications, and it is provided mainly in two versions, Struts 1 and Struts 2...
Foscam C1 Indoor HD Camera Command Injection Vulnerability (CNVD-2017-14064)
Foscam C1 Indoor HD Camera is a wireless HD IP camera from the Chinese company Foscam. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. The vulnerability can be exploited to inject arbitrary shell characters by sendi...
Foscam C1 Indoor HD Camera cgiproxy.fcgi dns2 Address Configuration Command Injection Vulnerability
Foscam C1 Indoor HD Camera is a wireless HD IP camera from the Chinese company Foscam. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. The vulnerability can be exploited to inject arbitrary shell characters by sendi...
VulnCheck KEV: CVE-2003-0127
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel...
MODX Revolution Cross-Site Scripting Vulnerability (CNVD-2017-07468)
MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A cross-site scripting vulnerability exists in versions of MODX Revolution prior to 2.5.7. A remote...