CVE-2018-16597

An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

CVE-2018-14691

An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim.

CVE-2018-16793

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

CVE-2018-16281

The DEISER “Profields – Project Custom Fields” app before 6.0.2 for Jira has Incorrect Access Control.

CVE-2018-9282

An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a user’s session, or elevate privileges by targeting an administrative user.

CVE-2013-7203

gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.

CVE-2013-4451

gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.

CVE-2018-12511

In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account’s balance arbitrarily.

CVE-2018-13111

There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. An attacker could craft a malicious POST request to crash the ONVIF service on such a device.

CVE-2018-15612

A CSRF vulnerability in the Runtime Config component of Avaya Aura® Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura® Orchestration Designer include all versions up to 7.2.1.