News aggregator

CVE-2018-18368

National Vulnerability Database - Fri, 11/15/2019 - 12:15
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
Categories: Security News

CVE-2019-12756

National Vulnerability Database - Fri, 11/15/2019 - 12:15
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could by bypassed for individuals with local administrator rights.
Categories: Security News

CVE-2011-0703

National Vulnerability Database - Fri, 11/15/2019 - 12:15
In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.
Categories: Security News

CVE-2011-2726

National Vulnerability Database - Fri, 11/15/2019 - 12:15
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL.
Categories: Security News

CVE-2011-2910

National Vulnerability Database - Fri, 11/15/2019 - 12:15
The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.
Categories: Security News

CVE-2016-5285

National Vulnerability Database - Fri, 11/15/2019 - 11:15
Null pointer dereference vulnerability exists in K11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime in NSS before 3.26, which causes the TLS/SSL server using NSS to crash.
Categories: Security News

CVE-2009-5047

National Vulnerability Database - Fri, 11/15/2019 - 11:15
Jetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) "Cookie Dump Servlet" and 2) Http Content-Length header. 1) A POST request to the form at "/test/cookie/" with the "Age" parameter set to a string throws a "java.lang.NumberFormatException" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request "Content-Length" header set to a letteral string.
Categories: Security News

CVE-2013-4584

National Vulnerability Database - Fri, 11/15/2019 - 10:15
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections
Categories: Security News

CVE-2013-7087

National Vulnerability Database - Fri, 11/15/2019 - 10:15
ClamAV before 0.97.7 has WWPack corrupt heap memory
Categories: Security News

CVE-2013-7088

National Vulnerability Database - Fri, 11/15/2019 - 10:15
ClamAV before 0.97.7 has buffer overflow in the libclamav component
Categories: Security News

CVE-2013-7089

National Vulnerability Database - Fri, 11/15/2019 - 10:15
ClamAV before 0.97.7: dbg_printhex possible information leak
Categories: Security News

CVE-2014-0021

National Vulnerability Database - Fri, 11/15/2019 - 10:15
Chrony before 1.29.1 has traffic amplification in cmdmon protocol
Categories: Security News

CVE-2014-0023

National Vulnerability Database - Fri, 11/15/2019 - 10:15
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution
Categories: Security News

CVE-2019-14345

National Vulnerability Database - Fri, 11/15/2019 - 09:15
TemaTres 3.0 allows remote unprivileged users to create an administrator account
Categories: Security News

CVE-2019-14343

National Vulnerability Database - Fri, 11/15/2019 - 08:15
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.
Categories: Security News

CVE-2019-14869

National Vulnerability Database - Fri, 11/15/2019 - 07:15
A flaw was found in all versions of ghostscript 9.x before 9.28, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
Categories: Security News

CVE-2019-18987

National Vulnerability Database - Fri, 11/15/2019 - 01:15
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.
Categories: Security News

CVE-2019-18986

National Vulnerability Database - Fri, 11/15/2019 - 00:15
Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.
Categories: Security News

CVE-2019-18981

National Vulnerability Database - Fri, 11/15/2019 - 00:15
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
Categories: Security News

CVE-2019-18982

National Vulnerability Database - Fri, 11/15/2019 - 00:15
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
Categories: Security News

Pages