A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53. Date published : 2020-05-07 https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers/+bug/979373
A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version...
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create...
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in...
ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause Denial of Service (DoS). Date published : 2020-05-07 https://security.netapp.com/advisory/ntap-20200507-0001/
dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce...
Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). Date published : 2020-05-07 https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md
A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution. Date published : 2020-05-07 https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md
A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine. Date published : 2020-05-07 https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md
Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. Date published : 2020-05-07 https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md
Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. Date published : 2020-05-07 https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md https://lodestonesecurity.com
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and...
Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. Date published : 2020-05-07 https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md
Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. Date published : 2020-05-07 https://github.com/lodestone-security/CVEs/blob/master/remote_kiln_control/an_unfortunate_kilnundrum.md https://lodestonesecurity.com