Security News

CVE-2018-15495

National Vulnerability Database - Fri, 08/17/2018 - 22:29
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
Categories: Security News

CVE-2018-15501

National Vulnerability Database - Fri, 08/17/2018 - 22:29
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.

CVE-2018-15503

National Vulnerability Database - Fri, 08/17/2018 - 22:29
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.

CVE-2018-15491

National Vulnerability Database - Fri, 08/17/2018 - 22:29
A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes).

CVE-2018-14981

National Vulnerability Database - Fri, 08/17/2018 - 16:29
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005.

CVE-2018-14982

National Vulnerability Database - Fri, 08/17/2018 - 16:29
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.

CVE-2018-15482

National Vulnerability Database - Fri, 08/17/2018 - 16:29
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.

CVE-2018-15473

National Vulnerability Database - Fri, 08/17/2018 - 15:29
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

CVE-2018-15471

National Vulnerability Database - Fri, 08/17/2018 - 14:29
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.

CVE-2018-6622

National Vulnerability Database - Fri, 08/17/2018 - 14:29
An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware during S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of the TPM and neutralize its security features, such as seal/unseal and remote attestation.

CVE-2018-14057

National Vulnerability Database - Fri, 08/17/2018 - 14:29
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function.

CVE-2018-14058

National Vulnerability Database - Fri, 08/17/2018 - 14:29
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.

CVE-2018-15468

National Vulnerability Database - Fri, 08/17/2018 - 14:29
An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.

CVE-2018-15469

National Vulnerability Database - Fri, 08/17/2018 - 14:29
An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash).

CVE-2018-15470

National Vulnerability Database - Fri, 08/17/2018 - 14:29
An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual, the order of evaluation of subexpressions is not specified. In practice, different implementations behave differently. Thus, oxenstored may not enforce the configured quota-maxentity. This allows a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS.

CVE-2017-1732

National Vulnerability Database - Fri, 08/17/2018 - 12:29
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913.

CVE-2018-15356

National Vulnerability Database - Fri, 08/17/2018 - 11:29
An authenticated attacker can execute arbitrary code using command injection in Eltex ESP-200 firmware version 1.2.0.

CVE-2018-15357

National Vulnerability Database - Fri, 08/17/2018 - 11:29
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0.

CVE-2018-15358

National Vulnerability Database - Fri, 08/17/2018 - 11:29
An authenticated attacker with low privileges can activate a high-privileged user and use it to expand the attack surface in Eltex ESP-200 firmware version 1.2.0.

CVE-2018-15359

National Vulnerability Database - Fri, 08/17/2018 - 11:29
An authenticated attacker with low privileges can use an insecure sudo configuration to expand the attack surface in Eltex ESP-200 firmware version 1.2.0.
