

CVEMAP Search Results

CVE
Details
Description
2019-08-01
Medium
CVE-2018-20934

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).

 
Medium
CVE-2016-10834

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).

 
Medium
CVE-2016-10825

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).

 
2019-07-31
Medium
CVE-2018-16860

Vendor: Heimdal project
Software: Heimdal
 

 
A flaw was found in Samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.

 
2018-11-28
Low
CVE-2018-16857

Vendor: Samba
Software: Samba
 

 
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.

 
2018-08-29
Low
CVE-2018-15746

Vendor: QEMU
Software: QEMU
 

 
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.

 
2018-07-02
Medium
CVE-2018-1243

Vendor: DELL
Software: Idrac6 firmware
 

 
Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.

 
2018-05-16
High
CVE-2018-0268

Vendor: Cisco
Software: Digital netw...
 

 
A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers. This vulnerability affects Cisco DNA Center Software Releases 1.1.3 and prior. Cisco Bug IDs: CSCvi47253.

 
2018-04-11
Medium
CVE-2018-1275

Vendor: Pivotal software
Software: Spring framework
 

 
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

 
2018-04-06
Medium
CVE-2018-1270

Vendor: Pivotal software
Software: Spring framework
 

 
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

 

 


Copyright 2019, cxsecurity.com

 
