Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file,...
Read MoreIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
Read MoreInsufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.
Read MoreImproper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access.
Read MoreA sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be...
Read MoreAffected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before...
Read Moreu’In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.’ in Snapdragon Connectivity, Snapdragon...
Read MoreA remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This...
Read MoreDr. Therese McAllister of NIST’s Community Resilience Program will be presenting on Community Resilience and the Role of Federal Support in Florida International University’s Preeminent Institute for Resilient and...
Read MoreRecently I happened to notice that the Cisco AnyConnect VPN client clears the clipboard if you paste a password into it. (Note – if you know and can type any of your passwords in 2020, you should at least partially...
Read MoreA cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS...
Read MoreRecently I happened to notice that the Cisco AnyConnect VPN client clears the clipboard if you paste a password into it. (Note – if you know and can type any of your passwords in 2020, you should at least partially...
Read More