An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a...
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to...
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter. Date published : 2018-04-24 https://github.com/phpipam/phpipam/issues/1903
Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream. Date published : 2018-04-24 https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. Date published : 2018-04-24 http://www.securityfocus.com/bid/103959...
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. Date published : 2018-04-24 http://www.securityfocus.com/bid/103960...
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings. Date published : 2018-04-24 https://www.exploit-db.com/exploits/44551/ https://github.com/philippe/FrogCMS/issues/5
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript...
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user...
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl’s internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use...
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl’s implementation of the printf() functions. If there are any application that accepts a format string...
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master. Date published : 2018-04-23 https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html
IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID:...
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. Date published : 2018-04-23 http://support.lenovo.com/us/en/solutions/LEN-18247 https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/