The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls.
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal’s input buffer, allowing an attacker to escape the sandbox.
Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.
The certificate signing REST API in Apache Ambari before 2.4.0 allows remote attackers to execute arbitrary code via shell metacharacters in the agentHostname value.
The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.
HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as demonstrated by reading core-emli/Storage. The affected versions are eMLi School Management …
EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system.
EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 – 7.1.1.10, 7.2.0 – 7.2.1.3, and 8.0.0 – 8.0.0.1.
A buffer overflow vulnerability in Import Command in Sync Breeze Enterprise Client 9.5.16, Disk Sorter Enterprise Client 9.5.12, and DiskBoss Enterprise Client 7.8.16 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.