Insecure permissions in the Web management portal on all IP cameras based on Hisilicon Hi3510 firmware allow authenticated attackers to receive a network’s cleartext WiFi credentials via a specific HTTP request. This affects certain...
VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device. Date...
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured...
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte...
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. Date published : 2019-04-22 http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn’t also set the effective group id. So when it creates the new version, mtab.tmp, it’s created with the group id of the user running mount.ecryptfs_private....
Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so. Date published : 2019-04-22 https://gitlab.gnome.org/GNOME/ekiga/commit/02654fc949722a78d41fcffac8687d73d8574647
cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310....
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2. Date published : 2019-04-22 https://launchpad.net/maas/+milestone/1.9.2
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2. Date published :...
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. Date published : 2019-04-22 https://launchpad.net/maas/+milestone/1.9.2
All versions of unity-scope-gdrive logs search terms to syslog. Date published : 2019-04-22 https://bugs.launchpad.net/ubuntu/+source/unity-scope-gdrive/+bug/1509076
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. Date published...
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to...