Security
Headlines
HeadlinesLatestCVEs

Tag

#acer

CVE-2018-15917: CVE-2018-15917 Jorani Leave Management System 0.6.5 - Cross-Site Scripting Persistente - Hackpuntes

Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.

CVE
Open in Source
#sql#xss#web#ios#mac#git#java#php#acer
CVE-2018-11314: Millions of Google, Roku, and Sonos Devices Are Vulnerable to a Web Attack

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.

CVE-2017-18075

crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.

CVE-2017-12113: TALOS-2017-0465 || Cisco Talos Intelligence Group

An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.

CVE-2017-12118: TALOS-2017-0470 || Cisco Talos Intelligence Group

An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability.

CVE-2017-12116: TALOS-2017-0468 || Cisco Talos Intelligence Group

An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.

CVE-2017-12114: TALOS-2017-0466 || Cisco Talos Intelligence Group

An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.

CVE-2017-12112: TALOS-2017-0464 || Cisco Talos Intelligence Group

An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.

CVE-2017-12117: TALOS-2017-0469 || Cisco Talos Intelligence Group

An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.

CVE-2017-12115: TALOS-2017-0467 || Cisco Talos Intelligence Group

An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass.