Tuesday, February 25, 2020

Weekly Update: New diabetes clinical trial (17 items)

New diabetes clinical trial: At-Risk for Type 1 Diabetes Extension Study

Published on: February 14, 2020 at 07:00PM
Condition:   Diabetes Mellitus, Type 1
Intervention:   Biological: teplizumab
Sponsor:   Provention Bio, Inc.
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04270942?term=diabetes&sfpd_d=14 February 17, 2020 at 03:54PM

via ClinicalTrials.gov


New diabetes clinical trial: An Open-label, Two-center, Randomized, Cross-over Study to Evaluate the Safety and Efficacy of Glycemic Control Using Hybrid-closed Loop vs. Advanced Hybrid Closed-loop in Young Subjects With Type 1 Diabetes

Published on: February 14, 2020 at 07:00PM
Condition:   Diabetes Mellitus, Type 1
Interventions:   Device: Medtronic Minimed 670G 3.0 HCL;   Device: Medtronic Minimed 670G 4.0 AHCL
Sponsors:   Rabin Medical Center;   GIF;   Medtronic
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04269668?term=diabetes&sfpd_d=14 February 17, 2020 at 03:54PM

via ClinicalTrials.gov


New diabetes clinical trial: Use of Insulin Adjustment Device DreaMed Advisor Pro During Routine Clinical Use for Subjects With Diabetes Type 1

Published on: February 14, 2020 at 07:00PM
Condition:   Type 1 Diabetes
Intervention:   Device: DreaMed Advisor Pro
Sponsor:   Rabin Medical Center
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04271228?term=diabetes&sfpd_d=14 February 17, 2020 at 03:54PM

via ClinicalTrials.gov


New diabetes clinical trial: Substitution of Sulfonylureas With New Generation of Hypoglycemic Drugs for the Treatment of Type 2 Diabetes Mellitus

Published on: February 17, 2020 at 07:00PM
Conditions:   T2DM (Type 2 Diabetes Mellitus);   Diet, Healthy;   Renal Function Disorder;   Albuminuria
Intervention:   Drug: Sulfa-zero: possible benefits of the treatment of new generation hypoglycaemic drugs compared to sulphonylureas
Sponsor:   University of Milan
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04272359?term=diabetes&sfpd_d=14 February 17, 2020 at 03:54PM

via ClinicalTrials.gov


New diabetes clinical trial: Gestational Diabetes

Published on: February 14, 2020 at 07:00PM
Condition:   Gestational Diabetes
Intervention:  
Sponsors:   University Hospital Tuebingen;   Deutsches Diabeteszentrum (DDZ), Leibniz-Institut Düsseldorf;   Medizinische Klinik und Poliklinik III, Universitätsklinikum Carl Gustav Carus, TU Dresden;   Klinik für Diabetologie an der Medizinischen Klinik - Innenstadt, LMU München;   Universitätsklinik Heidelberg, Abteilung Innere Medizin I, Schwerpunkt Endokrinologie und Stoffwechsel;   Universitätsklinikum Leipzig, IFB Adipositas Erkrankungen
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04270578?term=diabetes&sfpd_d=14 February 17, 2020 at 03:54PM

via ClinicalTrials.gov


New diabetes clinical trial: The Impact of Glycemic Index Education on Lowering Dietary GI in Gestational Diabetes Mellitus

Published on: February 17, 2020 at 07:00PM
Condition:   Gestational Diabetes Mellitus
Intervention:   Behavioral: Low Glycemic Index Education
Sponsors:   IWK Health Centre;   Mount Saint Vincent University;   Dalhousie University;   The Hospital for Sick Children
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04272840?term=diabetes&sfpd_d=14 February 17, 2020 at 03:54PM

via ClinicalTrials.gov


New diabetes clinical trial: Managing DIabetes Remission After Combined Therapy in EarLy Stage of DiabetEs

Published on: February 14, 2020 at 07:00PM
Condition:   Newly Diagnosed Type 2 Diabetes
Interventions:   Drug: Metformin-Sitagliptin-Empaglifozin-Pioglitazone;   Drug: Standard of care
Sponsor:   Azienda Ospedaliero-Universitaria di Parma
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04271189?term=diabetes&sfpd_d=14 February 17, 2020 at 03:54PM

via ClinicalTrials.gov


New diabetes clinical trial: Social Determinants of Global Pediatric Diabetes

Published on: February 17, 2020 at 07:00PM
Condition:   Diabetes Mellitus
Interventions:   Other: Administration of standardized questionnaires;   Device: Physical activity tracker;   Other: Dietary log
Sponsor:   McGill University Health Centre/Research Institute of the McGill University Health Centre
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04272099?term=diabetes&sfpd_d=14 February 17, 2020 at 03:54PM

via ClinicalTrials.gov


New diabetes clinical trial: Integration of Education Based-Application and "CARE Coaching Model" in Management of Type 2 Diabetes Mellitus Patients Using Insulin

Published on: February 17, 2020 at 07:00PM
Condition:   Diabetes Mellitus, Type 2
Interventions:   Other: Mobile Application-Based Diabetes Education;   Other: Health Coaching
Sponsor:   Indonesia University
Active, not recruiting
https://clinicaltrials.gov/ct2/show/NCT04271631?term=diabetes&sfpd_d=14 February 17, 2020 at 03:54PM

via ClinicalTrials.gov


New diabetes clinical trial: Scripps Digital Diabetes: Cloud-Based Continuous Glucose Monitoring (CB CGM)

Published on: February 14, 2020 at 07:00PM
Condition:   Diabetes Mellitus, Type 2
Intervention:   Device: Cloud-Based Continuous Glucose Monitoring
Sponsors:   Scripps Whittier Diabetes Institute;   DexCom, Inc.
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04269655?term=diabetes&sfpd_d=14 February 17, 2020 at 03:54PM

via ClinicalTrials.gov


New diabetes clinical trial: Lifestyle Intervention for Prevention of Gestational Diabetes Mellitus in the UAE Population

Published on: February 18, 2020 at 07:00PM
Condition:   Gestational Diabetes Mellitus in Pregnancy
Intervention:   Behavioral: moderate-intensity lifestyle intervention
Sponsor:   Rashid Centre for Diabetes and Research
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04273412?term=diabetes&sfpd_d=14 February 18, 2020 at 04:11PM

via ClinicalTrials.gov


New diabetes clinical trial: Evaluation of Diabetes and WELLbeing Programme

Published on: February 18, 2020 at 07:00PM
Conditions:   Type 2 Diabetes;   Type 2 Diabetes Treated With Insulin
Intervention:   Behavioral: DWELL (Diabetes and WELLbeing) Programme
Sponsors:   Canterbury Christ Church University;   Interreg 2 Seas Mers Zeeen;   Medway Community Healthcare;   Blackthorn Trust;   Arteveldehogeschool;   Kinetic Analysis;   Centre Hospitalier Douai
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04274660?term=diabetes&sfpd_d=14 February 18, 2020 at 04:11PM

via ClinicalTrials.gov


New diabetes clinical trial: Diabetes/ Endocrine Surveillance in SDS

Published on: February 19, 2020 at 07:00PM
Condition:   Shwachman-Diamond Syndrome
Interventions:   Diagnostic Test: Oral Glucose Tolerance Test;   Other: Modified Oral Glucose Tolerance Test;   Other: Modified Mixed Meal Tolerance Test;   Device: Continuous Glucose Monitor;   Other: Food Diary;   Other: Medical History Questionnaires
Sponsors:   Washington University School of Medicine;   Shwachman Diamond Syndrome Foundation;   Barnes-Jewish Hospital
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04275479?term=diabetes&sfpd_d=14 February 20, 2020 at 12:11AM

via ClinicalTrials.gov


New diabetes clinical trial: Reducing Emergency Department Visits and Improving Glucose Control in Uncontrolled Type 2 Diabetes Using CGM Sensors at Hospital Discharge

Published on: February 20, 2020 at 07:00PM
Condition:   Type 2 Diabetes Mellitus
Interventions:   Device: Continuous Glucose Monitoring Sensor;   Other: Diabetes Management Instructions
Sponsor:   Albert Einstein Healthcare Network
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04277780?term=diabetes&sfpd_d=14 February 20, 2020 at 04:11PM

via ClinicalTrials.gov


New diabetes clinical trial: Effects of BKR-017 on Insulin Resistance in Type 2 Diabetes Patients

Published on: February 21, 2020 at 07:00PM
Condition:   Type 2 Diabetes
Intervention:   Dietary Supplement: BKR-017
Sponsor:   BioKier Inc.
Not yet recruiting
https://clinicaltrials.gov/ct2/show/NCT04279444?term=diabetes&sfpd_d=14 February 21, 2020 at 02:56PM

via ClinicalTrials.gov


New diabetes clinical trial: Camp Based Multi-component Intervention for Families of Young Children With Type 1 Diabetes

Published on: February 21, 2020 at 07:00PM
Condition:   Type1diabetes
Intervention:   Behavioral: Residential camp
Sponsor:   University of Texas Southwestern Medical Center
Enrolling by invitation
https://clinicaltrials.gov/ct2/show/NCT04279587?term=diabetes&sfpd_d=14 February 21, 2020 at 02:56PM

via ClinicalTrials.gov


New diabetes clinical trial: Investigation of the Skin Barrier in Patients With Type 1 Diabetes

Published on: February 21, 2020 at 07:00PM
Condition:   Type 1 Diabetes
Intervention:  
Sponsor:   Jannet Svensson
Recruiting
https://clinicaltrials.gov/ct2/show/NCT04280315?term=diabetes&sfpd_d=14 February 21, 2020 at 02:56PM

via ClinicalTrials.gov


Weekly Update: a new vulnerability is published on the National Vulnerability Database (45 items)

New vulnerabilities from the NVD: CVE-2013-3738

A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.
Published at: February 17, 2020 at 06:15PM

February 17, 2020 at 08:14PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-3722

A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c.
Published at: February 17, 2020 at 07:15PM

February 17, 2020 at 09:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-2412

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4531. Reason: This candidate is a duplicate of CVE-2012-4531. Notes: All CVE users should reference CVE-2012-4531 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Published at: February 18, 2020 at 12:15AM

February 18, 2020 at 01:49AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-5594

Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding
Published at: February 18, 2020 at 03:15PM

February 18, 2020 at 05:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4454

WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities
Published at: February 18, 2020 at 04:15PM

February 18, 2020 at 05:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4227

Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type.
Published at: February 18, 2020 at 05:15PM

February 18, 2020 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-6295

PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module
Published at: February 18, 2020 at 07:15PM

February 18, 2020 at 09:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-3323

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
Published at: February 18, 2020 at 07:15PM

February 18, 2020 at 09:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-2679

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
Published at: February 18, 2020 at 07:15PM

February 18, 2020 at 09:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-0718

IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies.
Published at: February 18, 2020 at 08:15PM

February 18, 2020 at 09:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2009-5146

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Published at: February 18, 2020 at 07:15PM

February 18, 2020 at 09:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4228

The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
Published at: February 18, 2020 at 09:15PM

February 18, 2020 at 11:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4226

The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser.
Published at: February 18, 2020 at 09:15PM

February 18, 2020 at 11:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-0749

A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.
Published at: February 19, 2020 at 05:15AM

February 19, 2020 at 08:49AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-2054

A vulnerability in the Cisco ASA could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability.
Published at: February 19, 2020 at 05:15AM

February 19, 2020 at 08:49AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-3622

Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
Published at: February 19, 2020 at 03:15PM

February 19, 2020 at 05:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-2727

The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.
Published at: February 19, 2020 at 04:15PM

February 19, 2020 at 05:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-2228

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.
Published at: February 19, 2020 at 04:15PM

February 19, 2020 at 05:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-5581

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Published at: February 19, 2020 at 05:15PM

February 19, 2020 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-6685

Nokogiri before 1.5.4 is vulnerable to XXE attacks
Published at: February 19, 2020 at 05:15PM

February 19, 2020 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-6614

D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.
Published at: February 19, 2020 at 05:15PM

February 19, 2020 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-1932

A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting.
Published at: February 19, 2020 at 05:15PM

February 19, 2020 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-0055

OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.
Published at: February 19, 2020 at 08:15PM

February 19, 2020 at 09:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-2018

Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Published at: February 20, 2020 at 02:15AM

February 20, 2020 at 03:49AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-3484

Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output.
Published at: February 20, 2020 at 06:15AM

February 20, 2020 at 08:49AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-2629

Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php.
Published at: February 20, 2020 at 06:15AM

February 20, 2020 at 08:49AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-2498

The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages.
Published at: February 20, 2020 at 06:15AM

February 20, 2020 at 08:49AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-5366

The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
Published at: February 20, 2020 at 05:15PM

February 20, 2020 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-5365

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
Published at: February 20, 2020 at 05:15PM

February 20, 2020 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-5364

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
Published at: February 20, 2020 at 05:15PM

February 20, 2020 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-5363

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.
Published at: February 20, 2020 at 05:15PM

February 20, 2020 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-5362

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669.
Published at: February 20, 2020 at 05:15PM

February 20, 2020 at 07:49PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-3351

Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
Published at: February 20, 2020 at 08:15PM

February 20, 2020 at 09:46PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-2599

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3835. Reason: This issue was MERGED into CVE-2012-3835 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2012-3835 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Published at: February 20, 2020 at 08:15PM

February 20, 2020 at 09:46PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-4915

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.
Published at: February 20, 2020 at 08:15PM

February 20, 2020 at 09:46PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-0699

Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value.
Published at: February 20, 2020 at 08:15PM

February 20, 2020 at 09:46PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-5236

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Published at: February 20, 2020 at 09:15PM

February 20, 2020 at 11:46PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4088

Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
Published at: February 21, 2020 at 06:15PM

February 21, 2020 at 07:46PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-3551

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
Published at: February 21, 2020 at 06:15PM

February 21, 2020 at 07:46PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-0063

Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code with the permissions of the user running tucan.
Published at: February 21, 2020 at 06:15PM

February 21, 2020 at 07:46PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-3587

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
Published at: February 21, 2020 at 08:15PM

February 21, 2020 at 09:46PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-6277

Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."
Published at: February 21, 2020 at 07:15PM

February 21, 2020 at 09:46PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-0844

Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.
Published at: February 21, 2020 at 08:15PM

February 21, 2020 at 09:46PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-0828

Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP).
Published at: February 21, 2020 at 08:15PM

February 21, 2020 at 09:46PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-1093

The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.
Published at: February 21, 2020 at 09:15PM

February 21, 2020 at 11:46PM

via National Vulnerability Database