CVE-2018-12291
The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.
Source: CVE-2018-12291
CVE-2018-12292
A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3.
Source: CVE-2018-12292
CVE-2018-1393
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378.
Source: CVE-2018-1393
CVE-2018-1431
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.
Source: CVE-2018-1431
CVE-2018-5434
The TIBCO Designer component of TIBCO Software Inc.’s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.’s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1.
Source: CVE-2018-5434
CVE-2018-5433
The TIBCO Administrator server component of TIBCO Software Inc.’s TIBCO Administrator – Enterprise Edition, and TIBCO Administrator – Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.’s TIBCO Administrator – Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator – Enterprise Edition for z/Linux: versions up to and including 5.9.1.
Source: CVE-2018-5433
CVE-2011-4183
A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16.
Source: CVE-2011-4183
CVE-2018-5432
The TIBCO Administrator server component of TIBCO Software Inc.’s TIBCO Administrator – Enterprise Edition, and TIBCO Administrator – Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.’s TIBCO Administrator – Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator – Enterprise Edition for z/Linux: versions up to and including 5.9.1.
Source: CVE-2018-5432
CVE-2018-12272
xowl/request.php in Ximdex 4.0 has XSS via the content parameter.
Source: CVE-2018-12272
CVE-2018-12273
The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter.
Source: CVE-2018-12273