Security News

Vuln: GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Thu, 12/20/2018 - 00:00
GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
Categories: Security News

Vuln: Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Sat, 12/15/2018 - 00:00
Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
Categories: Security News

Vuln: IBM Maximo Asset Management CVE-2018-1872 Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities - 8 hours 33 min ago
IBM Maximo Asset Management CVE-2018-1872 Cross Site Scripting Vulnerability
Categories: Security News

CVE-2018-20000

National Vulnerability Database - Sun, 12/09/2018 - 21:29
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java.
Categories: Security News

CVE-2018-20001

National Vulnerability Database - Sun, 12/09/2018 - 21:29
In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input.
Categories: Security News

CVE-2018-20002

National Vulnerability Database - Sun, 12/09/2018 - 21:29
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
Categories: Security News

CVE-2018-19991

National Vulnerability Database - Sun, 12/09/2018 - 19:29
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.
Categories: Security News

CVE-2018-19653

National Vulnerability Database - Sun, 12/09/2018 - 14:29
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
Categories: Security News

CVE-2018-19982

National Vulnerability Database - Sun, 12/09/2018 - 14:29
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server's fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key.
Categories: Security News

CVE-2018-19983

National Vulnerability Database - Sun, 12/09/2018 - 14:29
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending divided "Nonce Get (0x98 0x81)" frames. The reason for dividing the "Nonce Get" frame is that, in security version S0, when a node receives a "Nonce Get" frame, the node produces a random new nonce and sends it to the Src node of the received "Nonce Get" frame. After the nonce value is generated and transmitted, the node transitions to wait mode. At this time, when "Nonce Get" is received again, the node discards the previous nonce value and generates a random nonce again. Therefore, because the frame is encrypted with the previous nonce value, the received normal frame cannot be decrypted.
Categories: Security News

Vuln: GNU Binutils CVE-2018-20002 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Sun, 12/09/2018 - 00:00
GNU Binutils CVE-2018-20002 Denial of Service Vulnerability
Categories: Security News

CVE-2018-19980

National Vulnerability Database - Sat, 12/08/2018 - 13:29
Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.
Categories: Security News

CVE-2018-19961

National Vulnerability Database - Fri, 12/07/2018 - 23:29
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
Categories: Security News

CVE-2018-19962

National Vulnerability Database - Fri, 12/07/2018 - 23:29
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
Categories: Security News

CVE-2018-19963

National Vulnerability Database - Fri, 12/07/2018 - 23:29
An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.
Categories: Security News

CVE-2018-19964

National Vulnerability Database - Fri, 12/07/2018 - 23:29
An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.
Categories: Security News

CVE-2018-19965

National Vulnerability Database - Fri, 12/07/2018 - 23:29
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.
Categories: Security News

CVE-2018-19966

National Vulnerability Database - Fri, 12/07/2018 - 23:29
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.
Categories: Security News

CVE-2018-19967

National Vulnerability Database - Fri, 12/07/2018 - 23:29
An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the XACQUIRE instruction prefix.
Categories: Security News

CVE-2018-9517

National Vulnerability Database - Fri, 12/07/2018 - 18:29
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.
Categories: Security News
