Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c. Date published : 2018-07-13 http://www.securityfocus.com/bid/104757 http://www.openwall.com/lists/oss-security/2018/07/02/2
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious...
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java...
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an...
Medtronic N’Vision Clinician Programmer 8840 N’Vision Clinician Programmer, all versions, and 8870 N’Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with...
In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \.econceal to cause a denial of service (BSOD). Date published...
The GDASPAMLib.AntiSpam ActiveX control ASKGDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument. Date published : 2018-07-13 https://www.exploit-db.com/exploits/45017/ http://seclists.org/fulldisclosure/2018/Jul/55
Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API’s authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry....
YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them....
Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account....
MODX Revolution version
MODX Revolution version
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user....
While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to...