8246 matches found
SUSE-SU-2018:1492-1 Security update for dpdk-thunderxdpdk
This update fixes the following issues: - CVE-2018-1059: The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest...
Command injection
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on...
IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2018-10946)
IBM Content Navigator is a Web client from IBM USA that supports searching and processing documents stored in content servers around the world from a Web browser. A cross-site scripting vulnerability exists in IBM Content Navigator. A remote attacker can exploit this vulnerability to inject...
F5 BIG-IP Security Restriction Bypass Vulnerability
F5 BIG-IP is a collection of software and hardware that allows you to control the traffic that passes through your network. A security restriction bypass vulnerability exists in F5 BIG-IP 11.x, 12.x, and 13.x. A remote attacker could exploit this vulnerability to run commands in the Traffic...
Cross-site scripting vulnerability in multiple IBM products (CNVD-2018-15257)
IBM Financial Transaction Manager FTM for ACH Services, FTM for Check Services, and FTM for Corporate Payment Services are financial transaction manager products from IBM USA, which are primarily used for monitoring, tracking and reporting on financial payments and transactions. A cross-site...
Important: Red Hat Security Advisory: redhat-virtualization-host security update
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
KLA11251 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions and spoof user interface. Below is a complete list of vulnerabilities: 1. Multiple memo...
CVE-2018-1461
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code ...
CVE-2018-0326
A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting XFS attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames...
CVE-2018-0328
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...
Cisco TelePresence Server Cross-Frame Scripting Vulnerability
Cisco TelePresence Server Software is the United States of America Cisco Cisco is a set of video conferencing solutions known as "TelePresence" system. The program provides audio, video space and other components for remote participants to provide a "face-to-face" virtual meeting room effect. web...
McAfee VirusScan Enterprise Elevation of Privilege Vulnerability
McAfee VirusScan Enterprise VSE is a suite of antivirus software from the American company McAfee. The software provides a full range of security protection, scanning memory for malicious code and optimizing updates for remote systems, etc. Microsoft Windows client is one of its clients based on...
Oracle Retail Applications Retail Point-of-Service Component Unauthorized Operation Vulnerability
Oracle Retail Applications is the United States Oracle Oracle company's set of retail applications store solutions. Retail Point-of-Service is one of the retail point-of-service management components. A security vulnerability exists in the User Interface subcomponent of the Retail Point-of-Servic...
Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation
The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interfaceCONFIGXFRMUSER compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrmdumppolicydone. A user/process could abuse this flaw to potentially...
KLA11242 Multiple vulnerabilities in Microsoft Exchange Server
Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and spoof user interface. Below is a complete list of vulnerabilities: 1. An improper handling of objects in...
IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2018-09160)
IBM Cognos Analytics formerly known as Cognos BI is a suite of business intelligence software from the American company IBM. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing key factors and key stakeholders. A cross-site...
CVE-2018-1413
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819...
WatchGuard AP100, AP102 and AP200 Authentication Vulnerabilities
The WatchGuard AP100, AP102 and AP200 are all different series of indoor wireless access point devices from WatchGuard USA. A security vulnerability exists in the WatchGuard AP100, AP102, and AP200 using firmware versions prior to 1.2.9.15, which stems from a failure of the local Access Point Web...
Cisco Prime Service Catalog User Interface Denial of Service Vulnerability
A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to...
IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2018-08943)
IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A cross-site scripting vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.6.5, 5.0.7...