IT Services Kemerovo: CVE-2014-8385 (eki-1200_gateway_series_firmware)

Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2014-8122

Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.

CVE-2014-8110 (activemq)

Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-8023

Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533.

CVE-2014-7853

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute.

CVE-2014-7849

The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.

CVE-2014-7827

The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.

CVE-2014-6195

The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors.

CVE-2014-6194

Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.