9593 matches found

Veracode
added 2018/06/22 2:35 a.m., 13 views

Privilege Escalation

Phusion Passenger is vulnerable to privilege escalation. The gidset variable that manages group permissions is not set properly, leaving group permissions to be assigned at random due to an uninitialized buffer...

CVSS 5.3 | AI score 5.4 | EPSS 0.00198
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2018/06/21 1:29 p.m., 3 views

DEBIAN-CVE-2017-2669

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...

CVSS 7.5 | AI score 6.1 | EPSS 0.06874
Exploits: 0 | References: 1
OSV
added 2018/06/19 9:29 p.m., 28 views

CVE-2018-10811

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable...

CVSS 7.5 | AI score 7.8 | EPSS 0.13646
Exploits: 0 | References: 9
OSV
added 2018/06/19 9:29 p.m., 1 view

ALPINE-CVE-2018-10811

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable...

CVSS 7.5 | AI score 7 | EPSS 0.13646
Exploits: 0 | References: 1
Prion
added 2018/06/19 9:29 p.m., 19 views

Design/Logic Flaw

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable...

CVSS 5 | AI score 7.5 | EPSS 0.13646
Exploits: 0 | References: 9 | Affected Software: 4
NVD
added 2018/06/19 9:29 p.m., 35 views

CVE-2018-10811

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable...

CVSS 7.5 | AI score 7.5 | EPSS 0.13646
Exploits: 0 | References: 9
AlpineLinux
added 2018/06/19 9:00 p.m., 40 views

CVE-2018-10811

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable...

CVSS 7.5 | AI score 7.7 | EPSS 0.13646
Exploits: 0
Debian CVE
added 2018/06/19 9:00 p.m., 26 views

CVE-2018-10811

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable...

CVSS 7.5 | AI score 6.8 | EPSS 0.13646
Exploits: 0
Prion
added 2018/06/19 5:29 a.m., 14 views

Code injection

An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the nolog attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable e.g., withitems, the contents of the loop items would be printed in the console. This could...

CVSS 5 | AI score 9.2 | EPSS 0.00426
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2018/06/18 12:29 p.m., 23 views

CVE-2018-12532

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language EL variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...

CVSS 9.8 | AI score 9.9
Exploits: 0 | References: 3
Cvelist
added 2018/06/18 12:00 p.m., 16 views

CVE-2018-12532

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language EL variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...

AI score 9.8 | EPSS 0.03296
Exploits: 1 | References: 3
IBM Security Bulletins
added 2018/06/18 12:08 a.m., 17 views

Security Bulletin: IBM SONAS Administrator password can be read by the root user from the shell command history (CVE-2014-3045)

Summary A fix is available for IBM SONAS, for the security issue that after changing password of administrative user, the password can be read by the root user from the shell command history. Vulnerability Details CVEID: CVE-2014-3045 DESCRIPTION: One of the purposes of chuser command is to modif...

CVSS 2.1 | AI score 0.7 | EPSS 0.0005
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/17 2:40 p.m., 25 views

Security Bulletin: Tivoli Storage Manager Server GSKit Encrypted Record Length Vulnerability (CVE-2012-2191)

Summary A vulnerability exists in the Tivoli Storage Manager server related to SSL/TLS Record Layer Processing CVE-2012-2191. Vulnerability Details A vulnerability CVE-2012-2191 exists in the IBM Tivoli Storage Manager TSM server when used with Secure Sockets Layer SSL. An included component of t...

CVSS 5 | AI score 1.5 | EPSS 0.0474
Exploits: 0 | Affected Software: 4
IBM Security Bulletins
added 2018/06/16 9:48 p.m., 49 views

Security Bulletin: IBM Security Access Manager is affected by vulnerabilities in Python (CVE-2016-0772, CVE-2016-5699, CVE-2016-1000110)

Summary Vulnerabilities have been identified in Python. IBM Security Access Manager appliances use Python and are affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0772 DESCRIPTION: Python's smtplib library is vulnerable to a stripping attack. An exception isn't returned by...

CVSS 6.5 | AI score 1.2 | EPSS 0.41714
Exploits: 6 | Affected Software: 1
IBM Security Bulletins
added 2018/06/16 1:09 p.m., 26 views

Security Bulletin: IBM® DB2® contains a file disclosure vulnerability using a SELECT statement with XML/XSLT function (CVE-2014-8910)

Summary IBM DB2 contains a file disclosure vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by executing a specially-crafted SELECT statement with XML/XSLT function to read arbitrary text files owned by the DB2 instance owner. On Windows, the attacker is able to re...

CVSS 4 | AI score 0.4 | EPSS 0.00247
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/15 7:02 a.m., 14 views

Security Bulletin: TLS padding vulnerability affects IBM WebSphere MQ (CVE-2014-8730)

Summary Transport Layer Security TLS padding vulnerability via a POODLE Padding Oracle On Downgraded Legacy Encryption like attack affects IBM WebSphere MQ. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by th...

CVSS 4.3 | AI score 1.6 | EPSS 0.03099
Exploits: 5 | Affected Software: 1
CNVD
added 2018/06/15 12:00 a.m., 1 view

Unspecified vulnerability in html-janitor

html-janitor is a module for controlling, cleaning up HTML. A security vulnerability exists in html-janitor. An attacker can exploit this vulnerability to bypass the filtering process with the help of the 'sanitized' variable...

CVSS 6.1 | AI score 6.1 | EPSS 0.00185
Exploits: 0 | References: 1
Prion
added 2018/06/12 8:29 p.m., 19 views

Heap overflow

In wmandpendresponseeventhandler, the variable lenendrsp is a uint32 which can be overflowed if the value of variable "event-numndpendrspperndilist" is very large which can then lead to a heap overwrite of the heap object endrsp in all Android releases from CAF Android for MSM, Firefox OS for MSM...

CVSS 4.6 | AI score 7.3 | EPSS 0.00043
Exploits: 0 | References: 2
OSV
added 2018/06/08 1:29 a.m., 21 views

CVE-2018-9246

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create, runfile, backup, or restore function. The vulnerability...

CVSS 9.8 | AI score 7.9
Exploits: 0 | References: 1
Debian CVE
added 2018/06/08 1:00 a.m., 18 views

CVE-2018-9246

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create, runfile, backup, or restore function. The vulnerability...

CVSS 9.8 | AI score 9.9 | EPSS 0.00971
Exploits: 0