News aggregator

Vuln: GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Thu, 12/20/2018 - 00:00
GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
Categories: Security News

Vuln: Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Sat, 12/15/2018 - 00:00
Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
Categories: Security News

Vuln: FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Fri, 11/02/2018 - 00:00
FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
Categories: Security News

Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update

SecurityFocus Vulnerabilities - Mon, 08/13/2018 - 20:20
[SECURITY] [DSA 4269-1] postgresql-9.6 security update
Categories: Security News

Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update

SecurityFocus Vulnerabilities - Mon, 08/13/2018 - 20:20
[SECURITY] [DSA 4268-1] openjdk-8 security update
Categories: Security News

CVE-2018-6970

National Vulnerability Database - Mon, 08/13/2018 - 17:48
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.
Categories: Security News

CVE-2018-14781

National Vulnerability Database - Mon, 08/13/2018 - 17:48
Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G. The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolus" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
Categories: Security News

CVE-2018-15123

National Vulnerability Database - Mon, 08/13/2018 - 17:48
Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows a remote attacker to use new attack vectors and take control of the device and the smart home.
Categories: Security News

CVE-2018-15124

National Vulnerability Database - Mon, 08/13/2018 - 17:48
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows an unauthenticated attacker to extract clear text passwords and get root access on the device.
Categories: Security News

CVE-2018-15125

National Vulnerability Database - Mon, 08/13/2018 - 17:48
Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows a remote attacker to get sensitive information that expands the attack surface.
Categories: Security News

CVE-2018-10634

National Vulnerability Database - Mon, 08/13/2018 - 17:47
Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.
Categories: Security News

CVE-2018-10636

National Vulnerability Database - Mon, 08/13/2018 - 17:47
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack, which may allow an attacker to gain remote code execution with administrator privileges if exploited.
Categories: Security News

CVE-2018-10598

National Vulnerability Database - Mon, 08/13/2018 - 17:47
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities that could cause the software to crash due to lacking user input validation for processing project files, which may allow an attacker to gain remote code execution with administrator privileges if exploited.
Categories: Security News

CVE-2018-3781

National Vulnerability Database - Mon, 08/13/2018 - 15:29
A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.
Categories: Security News

CVE-2018-3780

National Vulnerability Database - Mon, 08/13/2018 - 15:29
A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.
Categories: Security News

CVE-2018-15145

National Vulnerability Database - Mon, 08/13/2018 - 14:29
Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.
Categories: Security News

CVE-2018-15139

National Vulnerability Database - Mon, 08/13/2018 - 14:29
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
Categories: Security News

CVE-2018-15140

National Vulnerability Database - Mon, 08/13/2018 - 14:29
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.
Categories: Security News

CVE-2018-15141

National Vulnerability Database - Mon, 08/13/2018 - 14:29
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
Categories: Security News

CVE-2018-15142

National Vulnerability Database - Mon, 08/13/2018 - 14:29
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory.
Categories: Security News
