Command injection vulnerability in change password of QNAP Q’center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Date published : 2018-07-16 https://www.securityfocus.com/archive/1/542141/100/0/threaded https://www.qnap.com/zh-tw/security-advisory/nas-201807-10
Exposure of Private Information in QNAP Q’center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information. Date published : 2018-07-16 https://www.securityfocus.com/archive/1/542141/100/0/threaded https://www.qnap.com/zh-tw/security-advisory/nas-201807-10
A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due...
A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block traffic for an affected system....
A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected...
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down...
A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a...
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the...
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management...
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. Date published : 2018-07-16 https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html https://security.gentoo.org/glsa/201904-12
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c. Date published : 2018-07-16 https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html https://security.gentoo.org/glsa/201904-12
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands...
An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, ‘bool sufficientAllowance = allowance value’ condition. Date published : 2018-07-15 https://github.com/hellowuzekai/blockchains/blob/master/transferFrom.md
An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large...