Category Archives: Advisories

Advisories

ZDI-23-082: Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Information Disclosure Vulnerability

Read Time:10 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

Read More

Advisories

CVE-2010-10006

Read Time:21 Second

A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. Upgrading to version 1.08 is able to address this issue. The name of the patch is c9baaa976b684637f0d5a50268e91846a7a719ab. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218460.

Read More

Advisories

DSA-5321 sudo – security update

Read Time:20 Second

Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a
program designed to provide limited super user privileges to specific
users, does not properly handle ‘–‘ to separate the editor and
arguments from files to edit. A local user permitted to edit certain
files can take advantage of this flaw to edit a file not permitted by
the security policy, resulting in privilege escalation.

Read More

Advisories

CVE-2014-125081

Read Time:16 Second

A vulnerability, which was classified as critical, has been found in risheesh debutsav. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is 7a8430df79277c613449262201cc792db894fc76. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218459.

Read More