9593 matches found
CVE-2017-14891
In the KGSL driver function gpuobjmapuseraddr in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable...
CVE-2017-14891
CVE-2017-14891 affects the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12. The issue is an uninitialized variable that can leak stack contents, causing information disclosure. The vulnerability is tied to the kernel/driver sta...
CVE-2018-6587
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable...
CVE-2018-9039
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments...
Design/Logic Flaw
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments...
CVE-2018-9039
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments...
CVE-2018-9039
CVE-2018-9039 affects Octopus Deploy 2.0 and later up to (but not including) 2018.3.7, where an authenticated user with variable-edit permissions can scope some variables to targets beyond their allowed permissions and see machines outside their team’s scoped environments. Root cause: insufficien...
CVE-2018-9039
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments...
UBUNTU-CVE-2018-8963
In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file...
CVE-2018-8963
In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file...
The vulnerability of the dynamic loader ld.so, which is responsible for system calls and core functions of glibc, allows a attacker to trigger a memory corruption.
The vulnerability of the dynamic loader ld.so, which provides system calls and core functions of the glibc library, is related to resource management errors. Exploiting this vulnerability allows an attacker to trigger a memory leak by using the environment variable LDHWCAPMASK...
Information Disclosure
django-anymail is vulnerable to information disclosure. When an error occurs, the value of the WEBHOOKAUTHORIZATION setting is printed in the Django error reports. This may allow anyone with access to the logs to discover the webhook shared secret and send inbound/tracking events to your...
CVE-2018-0919
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoi...
EUVD-2018-1710
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoi...
Microsoft Office Web Apps Server 2013 RCE And Information Disclosure Vulnerabilities (KB4011692)
This host is missing an important security update according to Microsoft KB4011692 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
BEESCMS V4.0_R_20160525全局变量覆盖导致前台getshell
...
duomicms前台全局变量覆盖导致getshell
...
Code injection
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.662 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 32 and 64bit, and denial of service for Windows 8 and 10...
CVE-2018-6947
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.662 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 32 and 64bit, and denial of service for Windows 8 and 10...
CVE-2018-6947
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.662 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 32 and 64bit, and denial of service for Windows 8 and 10...