Monthly Archive: September 2018

An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. Date published :...

The DEISER "Profields – Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control. Date published : 2018-09-21 https://marketplace.atlassian.com/apps/1210816/profields-project-custom-fields/version-history

A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all...

A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions...

Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability. Date published : 2018-09-21 https://vectra.ai/security-advisories

Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console. Date published : 2018-09-21 https://vectra.ai/security-advisories

CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability. Date published : 2018-09-21 https://vectra.ai/security-advisories

An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer’s code because the origin of requests is not checked by the WebSocket server, which is used for HMR...

An issue was discovered in HMRServer.js in Parcel parcel-bundler. Attackers are able to steal developer’s code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot...

An issue was discovered in Browserify-HMR. Attackers are able to steal developer’s code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone...

An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal...

An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information...

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view...

An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an integer) to internetRadioSettings.view that could be...