Due to insufficient checking of privileges, it is possible to access the OTRS Install dialog of an already installed instance, which enables an authenticated attacker to change the database settings, superuser password, mail server settings, log file location and other parameters. Versions affected include OTRS 5.0.x, OTRS 4.0.x, and OTRS 3.3.x.
Apache Ranger versions prior to 0.7.1 suffer from issues where policy evaluation ignores characters after the asterisk wildcard character and the Hive Authorizer fails to check for RWX permission when an external location is specified.
The quicktime_read_moov function in moov.c in libquicktime version 1.2.4 can cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco version 0.6.12 can cause a denial of service (memory allocation error) via a crafted CSS file.
HPE Security Bulletin HPESBGN03758 1 - A potential security vulnerability has been identified in HPE UCMDB. The vulnerability could be remotely exploited to allow execution of code. Revision 1 of this advisory.
HPE Security Bulletin HPESBHF03757 1 - Potential security vulnerabilities with NTP have been addressed for HPE network products including Comware 5 and Comware 7. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
Red Hat Security Advisory 2017-1417-01 - Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
Linux Kernel versions prior to 4.10.13 suffer from a keyctl_set_reqkey_keyring local denial of service vulnerability.
PuTTY versions prior to 0.68 suffer from an ssh_agent_channel_data integer overflow heap corruption vulnerability.
Artifex MuPDF mutool suffers from a null pointer dereference vulnerability.
VMware Workstation version 12 Pro suffers from a null pointer dereference in the vstor2 driver.
Wireshark versions 2.2.0 through 2.2.12 suffer from a ROS dissector denial of service vulnerability.
The Linux kernel suffers from a ping local denial of service vulnerability.
Wireshark version 2.2.6 suffers from an IPv6 dissector denial of service vulnerability.
Artifex MuPDF mujstest version 1.10a suffers from a null pointer dereference vulnerability.
Net Monitor for Employees Pro versions prior to 5.3.4 suffer from an unquoted service path privilege escalation vulnerability.