Apache Tomcat Native Authentication Vulnerability
Apache Tomcat is a lightweight Web application server developed by the Apache Software Foundation (USA) under its Jakarta project; it is mainly used for developing and debugging JSP programs for small and medium-sized systems. Apache Tomcat Native is a support for the use of native...
@bitacode/apispecmd-ts (=0.0.2), @cjser/gulp-markdown-pdf (=9.0.0-cjser.2) +63 more potentially affected by CVE-2018-3770 via markdown-pdf (>=0.1.1 <=8.1.1)
markdown-pdf NPM version =0.1.1, =1.0.0, =1.0.0, =1.0.6, =1.2.151, =1.0.1, =1.17.0, =2.0.0, =0.1.0, =2.0.0, =2.1.0 and more Source cves: CVE-2018-3770 Source advisory: OSV:GHSA-P7C9-JQHQ-VR3V...
Unspecified Vulnerability in Eclipse Vert.x
Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM; it is mainly used to build applications such as network utilities, Web applications, HTTP/REST microservices and so on. A security vulnerability exists in Eclipse Vert.x versions 3.0.0 through...
CVE-2018-0617
Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.2200 allows remote attackers to read arbitrary files via unspecified vectors...
Intel Quartus II Elevation of Privilege Vulnerability
Intel Quartus II is a suite of software for hardware programming from the American company Intel. An elevation of privilege vulnerability exists in Intel Quartus II versions 11.0 through 15.0. A local attacker could exploit this vulnerability to execute arbitrary code...
@arpinum/postgres (>=4.0.0-beta12 <=4.0.0-beta14), appointmed-epr-template-common (>=0.0.46 <=0.0.65) +9 more potentially affected by CVE-2017-16082 via pg (>=6.2.2 <=6.2.3)
pg NPM version =6.2.2, =4.0.0-beta12, =0.0.46, =0.0.35, =0.13.3, =0.0.1, =0.0.1, =1.0.0, =1.0.3 - pg-promise-strict =0.3.4 - pgo =0.2.1 Source cves: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...
PT-2018-16189 · Unknown · Statics-Server
Name of the Vulnerable Software and Affected Versions: statics-server versions 0.0.0 through 0.0.9 Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability. It occurs when statics-server displays a directory index in the browser and an attacker injects an iframe in the...
fluentd: Escape sequence injection in filter_parser.rb:filter_stream can lead to arbitrary command execution when processing logs
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
IBM API Connect Information Disclosure Vulnerability (CNVD-2018-12869)
IBM API Connect (aka APIConnect) is an integrated solution from IBM (USA) for managing the API lifecycle. The solution supports creating, running, managing and securing APIs, microservices and more. A security vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.3, which stems from...
PT-2018-13035 · Ibm · Ibm Api Connect
Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 5.0.0.0 through 5.0.8.3 Description: The issue is caused by the failure to properly enable HTTP Strict Transport Security, allowing a remote attacker to obtain sensitive information using man-in-the-middle techniques...
Cinnamon Design Vulnerability
Cinnamon is an open source desktop environment for Linux. A security vulnerability exists in Cinnamon versions 1.9.2 through 3.8.6, which originates from the cinnamon-settings-users.py GUI that can be run with root privileges and configure other users' icon files. The vulnerability can be exploit...
Ivanti Avalanche Information Disclosure Vulnerability (CNVD-2018-12538)
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche versions 5.3 through 6.2, which stems from the program's use of...
Apache Geode server remote code execution vulnerability
Apache Geode server is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode server versions 1.0.0 through 1.4.0. A remote attacker with th...
3rr (>=0.0.1 <=0.0.2), @apechimp/cool-led (=1.0.0) +321 more potentially affected by CVE-2015-9242 via ecstatic (>=0.1.6 <=1.3.1)
ecstatic NPM version =0.1.6, =0.0.1, =0.2.3, =0.2.1, =0.1.1, =1.0.0, =1.6.9, =0.0.6, =3.0.0-0, =0.0.0, =0.0.1, =0.0.4 and more Source cves: CVE-2015-9242 Source advisory: OSV:GHSA-VWJC-Q9PX-R9VQ...
The Sleuth Kit Buffer Overflow Vulnerability (CNVD-2018-14708)
The Sleuth Kit (TSK) is a collection of data forensic tools developed by software developer Brian Carrier. The tools are able to analyze file systems such as FAT, NTFS, UFS, etc. and provide detailed information about the file system, including deleted data. A buffer overflow vulnerability exists i...
DEBIAN-CVE-2018-11739
An issue was discovered in libtskimg.a in The Sleuth Kit TSK from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function rawread in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory...
IBM API Connect Information Disclosure Vulnerability (CNVD-2018-10950)
IBM API Connect (aka APIConnect) is an integrated solution from IBM (USA) for managing the API lifecycle. The solution supports creating, running, managing and securing APIs, microservices and more. A security vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.2, which stems from...
CVE-2018-1532
IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430...
curl buffer overflow vulnerability (CNVD-2018-10338)
Haxx curl is a set of file transfer tools from the Swedish company Haxx that work on the command line using URL syntax; the tool supports file uploads and downloads and includes libcurl, a client-side URL transfer library for program development. A heap buffer overflow vulnerability exists in Hax...
Cybozu Office Operation Restriction Bypass Vulnerability
Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. An operation restriction bypass vulnerability exists in Cybozu Office versions 10.0.0 through 10.8.0. An attacker can exploit the vulnerability to bypass access restrictions and write to or access data that is not ye...