** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer...
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c. Date published : 2018-06-15 https://github.com/VirusTotal/yara/issues/891 https://bnbdr.github.io/posts/swisscheese/
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c. Date published : 2018-06-15 https://github.com/VirusTotal/yara/issues/891 https://bnbdr.github.io/posts/swisscheese/
Chevereto Free before 1.0.13 has XSS. Date published : 2018-06-15 https://github.com/Chevereto/Chevereto-Free/commit/159daeab6adfe828bd06e6e74f5b647bf9b1bb70 https://edricteo.com/chevereto-free-xss-vulnerability-in-version-1.0.12/
XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call. Date published : 2018-06-15 https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf https://blog.hackercat.ninja/post/pandoras_box/
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. Date published : 2018-06-15 https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf https://blog.hackercat.ninja/post/pandoras_box/
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. Date published : 2018-06-15 https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf https://blog.hackercat.ninja/post/pandoras_box/
openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being...
Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device without authentication. Date published : 2018-06-14...
Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing...
Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can crafts malformed packets after tricking a user to install a malicious application and exploit this vulnerability...
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. Date published : 2018-06-14 https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. Date published : 2018-06-14 https://www.synology.com/en-global/support/security/Synology_SA_18_16
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the...