Security News
Vuln: Yokogawa Vnet/IP Open Communication Driver CVE-2018-16196 Denial of Service Vulnerability
Yokogawa Vnet/IP Open Communication Driver CVE-2018-16196 Denial of Service Vulnerability
Categories: Security News
Vuln: Foreman CVE-2018-14664 Multiple HTML Injection Vulnerabilities
Foreman CVE-2018-14664 Multiple HTML Injection Vulnerabilities
Categories: Security News
Vuln: OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities
OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities
Categories: Security News
CVE-2019-8980
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
Categories: Security News
CVE-2019-8979
Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled.
Categories: Security News
Vuln: Intel Data Center Manager SDK CVE-2019-0112 Denial of Service Vulnerability
Intel Data Center Manager SDK CVE-2019-0112 Denial of Service Vulnerability
Categories: Security News
Vuln: Intel Data Center Manager SDK CVE-2019-0111 Local Insecure File Permissions Vulnerability
Intel Data Center Manager SDK CVE-2019-0111 Local Insecure File Permissions Vulnerability
Categories: Security News
Vuln: Intel Data Center Manager SDK CVE-2019-0110 Information Disclosure Vulnerability
Intel Data Center Manager SDK CVE-2019-0110 Information Disclosure Vulnerability
Categories: Security News
Vuln: Intel Data Center Manager SDK CVE-2019-0103 Local Information Disclosure Vulnerability
Intel Data Center Manager SDK CVE-2019-0103 Local Information Disclosure Vulnerability
Categories: Security News
CVE-2013-7469
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
Categories: Security News
CVE-2018-20146
An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.
Categories: Security News
CVE-2019-5727
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.
Categories: Security News
CVE-2018-15380
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).
Categories: Security News
CVE-2019-3474
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
Categories: Security News
CVE-2019-3475
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
Categories: Security News
CVE-2019-1003024
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
Categories: Security News
CVE-2019-1003025
A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Categories: Security News
CVE-2019-1003026
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.
Categories: Security News
CVE-2019-1003027
A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise.
Categories: Security News
CVE-2019-1003028
A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint.
Categories: Security News