530 matches found
PT-2018-5671 · Mysql Server · Mysql Multi-Master Replication Manager (Mmm) Mmm Agentd
Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager MMM mmm agentd version 2.2.1 Description: A specially crafted MMM protocol message can cause a shell command injection in the add ip function, resulting in arbitrary command execution with the privileges...
PT-2018-5676 · Mysql Server · Mysql Multi-Master Replication Manager
Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager MMM mmm agentd version 2.2.1 Description: A specially crafted MMM protocol message can cause a shell command injection in the MMM::Agent::Helpers::Network::send arp function, resulting in arbitrary comma...
Apple iOS, tvOS and watchOS Graphics Driver Memory Corruption Vulnerability
Apple iOS, tvOS, and watchOS are all products of Apple Inc. Apple iOS is an operating system for mobile devices; tvOS is a smart TV operating system; and watchOS is a smart watch operating system. graphics Driver is one of the graphics drivers. A security vulnerability exists in the Graphics Driv...
CVE-2018-2742
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite subcomponent: Framework. Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
PT-2018-1302 · Cisco · Cisco Ftd
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense FTD Software versions 6.2.1 through 6.2.2 Description: A vulnerability in the internal packet-processing functionality could allow an unauthenticated, remote attacker to cause an affected device to stop processi...
CMS Made Simple admin/moduleinterface.php Reflective Cross-Site Scripting Vulnerability
CMS Made Simple is a content management system developed using PHP, MySQL and Smarty template engine. A reflected cross-site scripting vulnerability exists in admin/moduleinterface.php in CMS Made Simple 2.2.7. The vulnerability can be exploited to conduct cross-site scripting attacks via the...
DEBIAN-CVE-2018-9264
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency...
Wireshark Denial of Service Vulnerability (CNVD-2018-07444)
Wireshark formerly Ethereal is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis.LWAPP dissector is one of the lightweight access point protocol parsers. A security...
CVE-2018-4092
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended memory-read...
CVE-2018-3822
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...
Servicing stack update for Windows 10 Version 1703: March 22, 2018
Servicing stack update for Windows 10 Version 1703: March 22, 2018 Summary This update makes stability improvements for the Windows 10 Version 1703 servicing stack. How to get this update Method 1: Windows Update This update will be downloaded and installed automatically. Method 2: Microsoft Upda...
CVE-2018-1000092
CMS Made Simple version versions 2.2.5 contains a Cross ite Request Forgery CSRF vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715. This attack appear to be exploitable via A specially crafted web page. This vulnerability...
DEBIAN-CVE-2017-10872
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors...
DEBIAN-CVE-2017-10868
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...
DEBIAN-CVE-2017-17085
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length...
VMware AirWatch Launcher for Android UI Elevation of Privilege Vulnerability
VMware AirWatch is a suite of enterprise mobility management solutions from VMware, Inc. and VMware AirWatch Launcher for Android is one of the launchers based on the Android platform. A privilege extraction vulnerability exists in versions of VMware AirWatch Launcher for Android prior to 3.2.2. ...
Artifex Ghostscript GhostXPS Heap Buffer Overflow Vulnerability
Artifex Ghostscript is an open source PostScript a page description language and programming language for the electronics industry and desktop publishing parser from Artifex Software. Artifex Ghostscript A security vulnerability exists in the 'xpsloadsfntname' function of the xps/xpsfont.c file i...
Foscam C1 Indoor HD Camera cgiproxy.fcgi dns2 address configuration command injection vulnerability
Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. The vulnerability can be exploited to inject arbitrary shell characters by sendi...
Apache httpd denial of service vulnerability (CNVD-2017-11803)
Apache httpd is the U.S. Apache Apache Software Foundation, an open source HTTP server developed and maintained specifically for modern operating systems. A security vulnerability exists in the HTTP strict parsing changes added to Apache httpd versions 2.2.32 and 2.4.24. An attacker could exploit...
CVE-2017-6682
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.29.76...