Security News

CVE-2019-8343 (netwide_assembler)

National Vulnerability Database - Fri, 02/15/2019 - 02:29
In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
Categories: Security News

Vuln: Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Fri, 02/15/2019 - 00:00
Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability

Vuln: Mozilla Firefox and Firefox ESR CVE-2019-5785 Integer Overflow Vulnerability

SecurityFocus Vulnerabilities - Fri, 02/15/2019 - 00:00
Mozilla Firefox and Firefox ESR CVE-2019-5785 Integer Overflow Vulnerability

Vuln: Apache JSPWiki CVE-2018-20242 Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/14/2019 - 00:00
Apache JSPWiki CVE-2018-20242 Cross Site Scripting Vulnerability

Vuln: Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 02/14/2019 - 00:00
Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities

Vuln: Linux Kernel CVE-2017-7895 Multiple Security Bypass Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 02/14/2019 - 00:00
Linux Kernel CVE-2017-7895 Multiple Security Bypass Vulnerabilities

CVE-2019-6589

National Vulnerability Database - Wed, 02/13/2019 - 19:29
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility.

CVE-2018-6267

National Vulnerability Database - Wed, 02/13/2019 - 17:29
NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privileges. Android ID: A-70857947.

CVE-2018-6268

National Vulnerability Database - Wed, 02/13/2019 - 17:29
NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161.

CVE-2018-6271

National Vulnerability Database - Wed, 02/13/2019 - 17:29
NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validate the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474.

CVE-2018-19008

National Vulnerability Database - Wed, 02/13/2019 - 16:29
The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contains a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution.

CVE-2019-8337

National Vulnerability Database - Wed, 02/13/2019 - 15:29
In msmtp 1.8.2, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.

CVE-2019-5915

National Vulnerability Database - Wed, 02/13/2019 - 13:29
Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.

CVE-2019-5916

National Vulnerability Database - Wed, 02/13/2019 - 13:29
Input validation issue in POWER EGG (Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors.

CVE-2018-0696

National Vulnerability Database - Wed, 02/13/2019 - 13:29
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.

CVE-2018-12409

National Vulnerability Database - Wed, 02/13/2019 - 13:29
The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1.

CVE-2018-13403

National Vulnerability Database - Wed, 02/13/2019 - 13:29
The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard.

CVE-2018-13404

National Vulnerability Database - Wed, 02/13/2019 - 13:29
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.

CVE-2018-16189

National Vulnerability Database - Wed, 02/13/2019 - 13:29
Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2018-16190

National Vulnerability Database - Wed, 02/13/2019 - 13:29
Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.