Security News

Vuln: Yokogawa Vnet/IP Open Communication Driver CVE-2018-16196 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Sat, 12/21/2019 - 00:00
Yokogawa Vnet/IP Open Communication Driver CVE-2018-16196 Denial of Service Vulnerability
Categories: Security News

CVE-2019-19702

National Vulnerability Database - Tue, 12/10/2019 - 15:15
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain.

CVE-2019-19703

National Vulnerability Database - Tue, 12/10/2019 - 15:15
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.

CVE-2012-1577

National Vulnerability Database - Tue, 12/10/2019 - 14:15
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.

CVE-2012-5620

National Vulnerability Database - Tue, 12/10/2019 - 14:15
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2013-1689

National Vulnerability Database - Tue, 12/10/2019 - 13:15
Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.

CVE-2016-1000107

National Vulnerability Database - Tue, 12/10/2019 - 13:15
inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

CVE-2019-6183

National Vulnerability Database - Tue, 12/10/2019 - 13:15
A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.

CVE-2019-6192

National Vulnerability Database - Tue, 12/10/2019 - 13:15
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.

December 2019 security updates are available

Security Research & Defense - Tue, 12/10/2019 - 13:04
We have released the December security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of …


CVE-2019-4095

National Vulnerability Database - Tue, 12/10/2019 - 11:15
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.

CVE-2019-4244

National Vulnerability Database - Tue, 12/10/2019 - 11:15
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518.

CVE-2019-4521

National Vulnerability Database - Tue, 12/10/2019 - 11:15
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 165179.

CVE-2019-4663 (websphere_application_server)

National Vulnerability Database - Tue, 12/10/2019 - 11:15
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245.

CVE-2019-19251

National Vulnerability Database - Tue, 12/10/2019 - 10:15
The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.

CVE-2013-2159

National Vulnerability Database - Tue, 12/10/2019 - 10:15
Monkey HTTP Daemon: broken user name authentication

CVE-2013-2166

National Vulnerability Database - Tue, 12/10/2019 - 10:15
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

CVE-2013-2167

National Vulnerability Database - Tue, 12/10/2019 - 10:15
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass

CVE-2013-2183

National Vulnerability Database - Tue, 12/10/2019 - 10:15
Monkey HTTP Daemon has local security bypass

CVE-2013-4120 (katello)

National Vulnerability Database - Tue, 12/10/2019 - 10:15
Katello has a Denial of Service vulnerability in API OAuth authentication