In Apache OpenMeetings 3.0.0 – 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users. Date published : 2018-02-28 https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E
Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which...
In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links. Date published : 2018-02-27 https://sourceforge.net/p/zsh/code/ci/3e06aeabd8a9e8384ebaa8b08996cd1f64737210 https://access.redhat.com/errata/RHSA-2018:1932
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. Date published : 2018-02-27 https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055 https://access.redhat.com/errata/RHSA-2018:3073
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical...
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. Date published : 2018-02-27 https://sourceforge.net/p/zsh/code/ci/a62e1640bcafbb82d86ea8d8ce057a83c4683d60 https://usn.ubuntu.com/3593-1/
There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump. Date published :...
There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the...
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. Date published : 2018-02-27 https://security.gentoo.org/glsa/201805-10 https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. Date published...
The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. Date published : 2018-02-27 http://www.securityfocus.com/bid/103183 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM...
The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact...
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into...