File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user’s sensitive files via the filename parameter. Date published : 2018-02-27 https://www.synology.com/en-global/support/security/Synology_SA_17_77
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. Date published : 2018-02-27 https://www.synology.com/en-global/support/security/Synology_SA_17_77
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster...
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause...
When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose...
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. Date published : 2018-02-27 https://security.gentoo.org/glsa/201805-10 https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)…} on an empty array result. Date published : 2018-02-27 https://security.gentoo.org/glsa/201805-10 https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI. Date published : 2018-02-27 https://github.com/imsebao/404team/blob/master/lyadmin/lyadmin.md
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that...
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. Date published...
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. Date published : 2018-02-27 http://www.securityfocus.com/bid/103174...
AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI. Date published : 2018-02-27 http://www.projectxit.com.au/blog/2018/2/27/axxonsoft-client-directory-traversal-cve-2018-7467-axxonsoft-axxon-next-axxonsoft-client-directory-traversal-via-an-initial-css2f-substring-in-a-uri-cve-2018-7467
In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal. Date published : 2018-02-27 https://github.com/robiso/wondercms/commit/64efdc4fd974c83cedd221b46e7c3854a81650ec https://www.wondercms.com/whatsnew
An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker. Date published : 2018-02-27 https://github.com/Icinga/icinga2/issues/4920 https://github.com/Icinga/icinga2/pull/5715