Security News

Vuln: GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Thu, 12/20/2018 - 00:00
GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
Categories: Security News

Vuln: Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Sat, 12/15/2018 - 00:00
Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability

Vuln: FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Fri, 11/02/2018 - 00:00
FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability

Bugtraq: PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)

SecurityFocus Vulnerabilities - Thu, 05/24/2018 - 14:20
PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)

CVE-2018-10593

National Vulnerability Database - Thu, 05/24/2018 - 12:29
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption.

CVE-2018-10595

National Vulnerability Database - Thu, 05/24/2018 - 12:29
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data.

CVE-2018-11332

National Vulnerability Database - Thu, 05/24/2018 - 12:29
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.

CVE-2018-8013

National Vulnerability Database - Thu, 05/24/2018 - 12:29
In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. The fix was to check the class type before calling newInstance in deserialization.

CVE-2017-17158

National Vulnerability Database - Thu, 05/24/2018 - 10:29
Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure.

CVE-2017-17315

National Vulnerability Database - Thu, 05/24/2018 - 10:29
Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specially crafted SCCP messages to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. A successful exploit will cause some services to become abnormal.

CVE-2018-5485

National Vulnerability Database - Thu, 05/24/2018 - 10:29
NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.

CVE-2018-5487

National Vulnerability Database - Thu, 05/24/2018 - 10:29
NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.

CVE-2018-7902

National Vulnerability Database - Thu, 05/24/2018 - 10:29
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.

CVE-2018-7903

National Vulnerability Database - Thu, 05/24/2018 - 10:29
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.

CVE-2018-7904

National Vulnerability Database - Thu, 05/24/2018 - 10:29
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.

CVE-2018-7942

National Vulnerability Database - Thu, 05/24/2018 - 10:29
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, a successful exploit may cause some information leak.

CVE-2018-1000040

National Vulnerability Database - Thu, 05/24/2018 - 09:29
In MuPDF 1.12.0 and earlier, multiple use-of-uninitialized-value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.

CVE-2018-1000155

National Vulnerability Database - Thu, 05/24/2018 - 09:29
OpenFlow version 1.0 onwards contains a Denial of Service and Improper Authorization vulnerability in the OpenFlow handshake: the DPID (DataPath IDentifier) in the features_reply message is inherently trusted by the controller, which can result in Denial of Service, Unauthorized Access, and Network Instability. This attack appears to be exploitable via network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.

CVE-2018-1000199

National Vulnerability Database - Thu, 05/24/2018 - 09:29
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in a crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.

CVE-2018-1000300

National Vulnerability Database - Thu, 05/24/2018 - 09:29
curl versions 7.54.1 up to and including 7.59.0 contain a CWE-122: Heap-based Buffer Overflow vulnerability that can result in denial of service and more: curl might overflow a heap-based memory buffer when closing down an FTP connection with very long server command replies. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.
