New vulnerabilities from the NVD: CVE-2012-5645 | | A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed, would lead to memory exhaustion or excessive CPU consumption. Published at: December 30, 2019 at 10:15PM View on website December 31, 2019 at 12:01AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-5476 | | Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. Published at: December 30, 2019 at 10:15PM View on website December 31, 2019 at 12:01AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-5474 | | The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. Published at: December 30, 2019 at 10:15PM View on website December 31, 2019 at 12:01AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-2016 | | A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. Published at: December 31, 2019 at 12:15AM View on website December 31, 2019 at 02:01AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-0264 | | An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it. Published at: December 31, 2019 at 12:15AM View on website December 31, 2019 at 02:01AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-0196 | | A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser. Published at: December 31, 2019 at 12:15AM View on website December 31, 2019 at 02:01AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-5663 | | The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp). Published at: December 31, 2019 at 12:15AM View on website December 31, 2019 at 02:01AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-4357 | | The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. Published at: December 31, 2019 at 09:15PM View on website December 31, 2019 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-4161 | | gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fix the security issue. Published at: December 31, 2019 at 09:15PM View on website December 31, 2019 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2011-3585 | | Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists. Published at: December 31, 2019 at 10:15PM View on website December 31, 2019 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2004-2776 | | go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. Published at: December 31, 2019 at 10:15PM View on website December 31, 2019 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-4532 | | Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Published at: January 02, 2020 at 06:15PM View on website January 02, 2020 at 07:41PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-4318 (feature) | | File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory. Published at: December 26, 2019 at 11:15PM View on website January 02, 2020 at 07:41PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3936 | | Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML. Published at: January 02, 2020 at 05:15PM View on website January 02, 2020 at 07:41PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3935 | | Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors. Published at: January 02, 2020 at 05:15PM View on website January 02, 2020 at 07:41PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2014-0161 | | ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate. Published at: January 02, 2020 at 08:15PM View on website January 02, 2020 at 09:38PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2014-0104 | | fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script, which can potentially allow man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates. Published at: January 02, 2020 at 07:15PM View on website January 02, 2020 at 09:38PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2014-0048 | | An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. Published at: January 02, 2020 at 07:15PM View on website January 02, 2020 at 09:38PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-4752 | | Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. Published at: January 02, 2020 at 07:15PM View on website January 02, 2020 at 09:38PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3621 | | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3607. Reason: This candidate is a reservation duplicate of CVE-2013-3607. Notes: All CVE users should reference CVE-2013-3607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Published at: January 02, 2020 at 08:15PM View on website January 02, 2020 at 09:38PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3620 | | Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. Published at: January 02, 2020 at 08:15PM View on website January 02, 2020 at 09:38PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3619 | | Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain hardcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon. Published at: January 02, 2020 at 08:15PM View on website January 02, 2020 at 09:38PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3946 | | Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header. Published at: January 02, 2020 at 09:15PM View on website January 02, 2020 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3945 | | The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag. Published at: January 02, 2020 at 09:15PM View on website January 02, 2020 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3944 | | Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag. Published at: January 02, 2020 at 09:15PM View on website January 02, 2020 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3941 | | Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow. Published at: January 02, 2020 at 10:15PM View on website January 02, 2020 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3939 | | xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow. Published at: January 02, 2020 at 10:15PM View on website January 02, 2020 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3937 | | Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file. Published at: January 02, 2020 at 10:15PM View on website January 02, 2020 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3932 | | SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php. Published at: January 02, 2020 at 10:15PM View on website January 02, 2020 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3931 | | Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details. Published at: January 02, 2020 at 10:15PM View on website January 02, 2020 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3247 | | Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file. Published at: January 02, 2020 at 10:15PM View on website January 02, 2020 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-3246 | | Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file. Published at: January 02, 2020 at 10:15PM View on website January 02, 2020 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2010-3782 | | obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation. Published at: January 02, 2020 at 09:15PM View on website January 02, 2020 at 11:39PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-1642 | | Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php. Published at: January 02, 2020 at 11:15PM View on website January 03, 2020 at 01:42AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-1420 | | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621. Published at: January 02, 2020 at 11:15PM View on website January 03, 2020 at 01:42AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2013-0737 | | Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter. Published at: January 02, 2020 at 11:15PM View on website January 03, 2020 at 01:42AM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-4451 | | Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. Published at: January 03, 2020 at 07:15PM View on website January 03, 2020 at 09:32PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-5878 | | Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl. Published at: January 03, 2020 at 10:15PM View on website January 03, 2020 at 11:32PM via National Vulnerability Database |
New vulnerabilities from the NVD: CVE-2012-5693 | | Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878. Published at: January 03, 2020 at 10:15PM View on website January 03, 2020 at 11:32PM via National Vulnerability Database |