Due to insufficient checking of privileges, it is possible to access the OTRS Install dialog of an already installed instance, which enables an authenticated attacker to change the database settings, superuser password, mail server settings, log file location and other parameters. Versions affected include OTRS 5.0.x, OTRS 4.0.x, and OTRS 3.3.x.
21f3598970b7ae6cfb31cada4cccc9ed918166bc63d7eb4d159c64b23c2c0334Apache Ranger versions prior to 0.7.1 suffer from issues where policy evaluation ignores characters after the asterisk wildcard character and the Hive Authorizer fails to check for RWX permission when an external location is specified.
6814bd6c1f907764b02dff3ce088b9bd5663fc3d7909eb7b4800f10d2cd5fd82The quicktime_read_moov function in moov.c in libquicktime version 1.2.4 can cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
fb9cf4176e1bb9ffeb25e2984a3e0059e422f89b9a9d4df21f9c53fec333b33dThe cr_tknzr_parse_comment function in cr-tknzr.c in libcroco version 0.6.12 can cause a denial of service (memory allocation error) via a crafted CSS file.
366b354d9941351241af58cad87bacc3ce236b5504a9d75b69f7f88ab2e202f7HPE Security Bulletin HPESBGN03758 1 - A potential security vulnerability has been identified in HPE UCMDB. The vulnerability could be remotely exploited to allow execution of code. Revision 1 of this advisory.
abc2c33ff154d52595c7f537357e1616e0abb2d83811033e13fbdeaa58679370HPE Security Bulletin HPESBHF03757 1 - Potential security vulnerabilities with NTP have been addressed for HPE network products including Comware 5 and Comware 7. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
8ebfadf170d8633a6909f8a457571f141c45d90c5465ec0a3703ee10cecd1e08Red Hat Security Advisory 2017-1417-01 - Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
2fd26e9591f0b2af566c13e0715e149d459ccde23acb9dba984c861a8c4fde23Linux Kernel versions prior to 4.10.13 suffer from a keyctl_set_reqkey_keyring local denial of service vulnerability.
eb31ce0a0f03adae308aa72256412f48eb27210c5ccb26b03e8f3b4580d6441bPuTTY versions prior to 0.68 suffer from an ssh_agent_channel_data integer overflow heap corruption vulnerability.
01e34d1eeb4771600c59ed6fed2a9ba72439204dcc18f929f87585e682764827Artifex MuPDF mutool suffers from a null pointer dereference vulnerability.
7013d145c88072d2d4c78b5a62708d12329121691da376896f143cf4f57b8d5dVMware Workstation version 12 Pro suffers from a null pointer dereference in the vstor2 driver.
7dfc050bb48e7fd3b5f6f5be7c4012afeed48c5754f9d1334d7a8ca265bdacf5Wireshark versions 2.2.0 through 2.2.12 suffer from a ROS dissector denial of service vulnerability.
16394a2d5c693e2e2ed21e655e6209bda5b287e94eefdc1dcb333a517ec241feThe Linux kernel suffers from a ping local denial of service vulnerability.
fc0425f288a46253c0792ede11b0a0ab20d3fe0827d81475ae90660602f38d3bWireshark version 2.2.6 suffers from an IPv6 dissector denial of service vulnerability.
eb7e25793f0dd5785af0848e65f89921f4ec2f9d4db13c5e9f1b105a620ab7cbArtifex MuPDF mujstest version 1.10a suffers from a null pointer dereference vulnerability.
3ebd5bf726849372ff64c9cbf1962799127cc01164e3fc83a1ad4178c90b99fcNet Monitor for Employees Pro versions prior to 5.3.4 suffer from an unquoted service path privilege escalation vulnerability.
a79969f6479c7124bc98763ecfeb997796c5d7e793924ab921f7aa2b83a87483
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed