Apache Tomcat JK ISAPI Connector Information Disclosure Vulnerability
Apache Tomcat JK ISAPI Connector is a module from the Apache Software Foundation that connects the Apache HTTP Server or IIS to a back-end Tomcat server; it supports clustering, load balancing and related features. A security vulnerability exists in Apache Tomcat JK ISAPI Connector versions 1.2.0 through...
Denial of service vulnerability in curl
Haxx curl is a set of file transfer tools from the Swedish company Haxx that work on the command line using URL syntax. The tool supports file uploads and downloads, and includes libcurl, a client-side URL transfer library for program development. A security vulnerability exists in the LDAP code i...
ALPINE-CVE-2018-1000120
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse...
beanstalk-dispatch (>=0.0.3 <=0.0.5), cklauth (>=0.1.0 <=0.3.0) +120 more potentially affected by CVE-2018-7536 via django (>=2.0.0 <=2.0.2)
django PYPI version =2.0.0, =0.0.3, =0.1.0, =0.5.0, =3.0.0, =2.1.0, =1.1.0, =0.0.7, =0.1.0, =0.0.2, =1.3.0, =2.0.0, =2.0.2 - django-cas-server =1.0.0 and more Source cves: CVE-2018-7536 Source advisory: OSV:PYSEC-2018-5...
Apache Oozie Information Disclosure Vulnerability (CNVD-2018-06533)
Apache Oozie is a workflow scheduling system from the Apache Software Foundation for managing Apache Hadoop jobs. The system supports Java map-reduce, Pig, Hive and many other types of Hadoop jobs. A security vulnerability exists in Apache Oozie versions 3.1.3-incubating through 4.3.0...
Doorkeeper gem cross-site scripting vulnerability
Doorkeeper is an open source OAuth 2 (Open Authorization Protocol) provider written in Ruby for Ruby web application frameworks. A cross-site scripting vulnerability exists in Doorkeeper gem versions 2.1.0 through 4.2.5, which can be exploited by an attacker to insert cross-site code and obta...
Wireshark epan/dissectors/packet-usb.c file denial of service vulnerability
Wireshark, formerly known as Ethereal, is network packet analyzer software developed by the Wireshark team. The software captures network packets and displays detailed data for analysis. A security vulnerability exists in the epan/dissectors/packet-usb.c file in Wireshark...
DEBIAN-CVE-2018-7320
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets...
5aces-client-web (>=1.0.1 <=1.0.6), @bani2812/teasilent (=1.1.4) +61 more potentially affected by CVE-2018-6184 via next (>=1.2.3 <=4.2.1)
next NPM version =1.2.3, =1.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.5, =0.3.0, =0.1.8, =0.1.0, =1.0.2, =1.3.21, =0.0.80, =0.0.143 and more Source cves: CVE-2018-6184 Source advisory: OSV:GHSA-M34X-WGRH-G897...
DEBIAN-CVE-2017-15135
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare an...
alertminer-alpha (=1.0.0), electron-prebuilt-compile (>=1.7.0 <=1.7.1) +2 more potentially affected by CVE-2018-1000006 via electron (>=1.7.0 <=1.7.10)
electron NPM version =1.7.0, =1.7.0, =1.0.0, =1.0.1 Source cves: CVE-2018-1000006 Source advisory: OSV:GHSA-W222-53C6-C86P...
libdwarf Memory Misreference Vulnerability
libdwarf is a set of tools for reading and writing DWARF2 debugging information. A memory misreference vulnerability exists in dwarfdump in libdwarf versions 20130126 through 20140805. A remote attacker can exploit this vulnerability to cause a denial of service (program crash) with the help of a...
ALPINE-CVE-2018-5335
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length...
PT-2018-16863
Name of the Vulnerable Software and Affected Versions: Kentico versions 9.0 through 11.0. Description: The issue is related to a stack-based buffer overflow that can occur via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. However, the vendor disputes th...
IBM Tivoli Key Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2018-01131)
IBM Tivoli Key Lifecycle Manager enables you to locally create, distribute, back up, archive and manage the lifecycle of keys and certificates in your organization. A cross-site scripting vulnerability exists in IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7. An attacker can exploit this...
CVE-2017-15714
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "format=%27;alert%27xss%27" to the URL an alert window would execute...
Mautic SSO Login Vulnerability
Mautic is open source marketing automation software developed and maintained by the Mautic community. The software has features such as monitoring websites, creating web pages, and sending emails. Mautic SSO is one of its single sign-on plugins. A security vulnerability exists in...
Mautic Load Page Cross-Site Scripting Vulnerability
Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A cross-site scripting vulnerability exists in the Mautic loading page in Mautic versions 2.1.0 through 2.11.0. A remote attacker can exploit the...
tcmu-runner Information Disclosure Vulnerability
tcmu-runner is a daemon for handling the userspace side of the LIO TCM-User backstore. An information disclosure vulnerability exists in handlerqcow.so in tcmu-runner versions 0.91-1.2.0. An attacker can exploit this vulnerability to inspect any file with root privileges...
Octopus Deploy 'Variable Set Name' Parameter Cross-Site Scripting Vulnerability
Octopus Deploy is a software deployment automation tool from the Australian company Octopus Deploy. A cross-site scripting vulnerability exists in the All Variables tab in Octopus Deploy versions 3.4.0 through 3.13.6. A remote attacker can exploit this vulnerability to inject arbitrary web script or...