New vulnerabilities from the NVD: CVE-2017-1480 | | IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617. Published at: June 06, 2018 at 08:29PM View on website June 10, 2018 at 10:14AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-1476 | | IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610. Published at: June 06, 2018 at 08:29PM View on website June 10, 2018 at 10:14AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-1474 | | IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606. Published at: June 06, 2018 at 08:29PM View on website June 10, 2018 at 10:14AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-1405 | | IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392. Published at: June 08, 2018 at 04:29PM View on website June 10, 2018 at 10:14AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-1350 | | IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526. Published at: June 05, 2018 at 06:29PM View on website June 10, 2018 at 10:14AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2017-12078 | | Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. Published at: June 08, 2018 at 04:29PM View on website June 10, 2018 at 10:14AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2011-4181 | | A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3. Published at: June 11, 2018 at 06:29PM View on website June 11, 2018 at 07:31PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-5296 | | A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Published at: June 12, 2018 at 12:29AM View on website June 12, 2018 at 01:31AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-5295 | | This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50. Published at: June 12, 2018 at 12:29AM View on website June 12, 2018 at 01:31AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-5294 | | The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Published at: June 12, 2018 at 12:29AM View on website June 12, 2018 at 01:31AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-5293 | | When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. Published at: June 12, 2018 at 12:29AM View on website June 12, 2018 at 01:31AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-5292 | | During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. Published at: June 12, 2018 at 12:29AM View on website June 12, 2018 at 01:31AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-5291 | | A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Published at: June 12, 2018 at 12:29AM View on website June 12, 2018 at 01:31AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-5290 | | Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Published at: June 12, 2018 at 12:29AM View on website June 12, 2018 at 01:31AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-5289 | | Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. Published at: June 12, 2018 at 12:29AM View on website June 12, 2018 at 01:31AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-5288 | | Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2. Published at: June 12, 2018 at 12:29AM View on website June 12, 2018 at 01:31AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2016-5287 | | A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2. Published at: June 12, 2018 at 12:29AM View on website June 12, 2018 at 01:31AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2011-4182 | | Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1. Published at: June 12, 2018 at 06:29PM View on website June 12, 2018 at 07:31PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2011-4183 | | A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. Published at: June 13, 2018 at 04:29PM View on website June 13, 2018 at 05:31PM via National Vulnerability Database |
Няма коментари:
Публикуване на коментар