IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967. Date published : 2018-09-13 http://www.securityfocus.com/bid/105343 https://www.ibm.com/support/docview.wss?uid=ibm10728857
HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. Date published : 2018-09-13 https://seclists.org/bugtraq/2018/Sep/27 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-015.txt
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. Date published :...
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used....
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow. Date published : 2018-09-13 https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter. Date published : 2018-09-13 https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters...
A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages. Date published : 2018-09-13 https://support.f5.com/csp/article/K40625021
When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too...
A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior. Date published : 2018-09-13 http://www.securityfocus.com/bid/105328 https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02
Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device’s protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there...
In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute...
In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack...
In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow. Date published : 2018-09-12 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt