Security News

CVE-2018-19838

National Vulnerability Database - Tue, 12/04/2018 - 04:29
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
Categories: Security News

CVE-2018-19839

National Vulnerability Database - Tue, 12/04/2018 - 04:29
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

CVE-2018-19840

National Vulnerability Database - Tue, 12/04/2018 - 04:29
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

CVE-2018-19841

National Vulnerability Database - Tue, 12/04/2018 - 04:29
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.

CVE-2018-19842

National Vulnerability Database - Tue, 12/04/2018 - 04:29
getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.

CVE-2018-19843

National Vulnerability Database - Tue, 12/04/2018 - 04:29
opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.

CVE-2018-19849

National Vulnerability Database - Tue, 12/04/2018 - 04:29
An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter.

CVE-2018-19853

National Vulnerability Database - Tue, 12/04/2018 - 04:29
An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account.

Vuln: SpiderControl SCADA WebServer CVE-2018-18991 Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities - Tue, 12/04/2018 - 00:00

Vuln: Google Chrome Prior to 71.0.3578.80 Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Tue, 12/04/2018 - 00:00

Vuln: 3GPP IP-Multimedia Subsystem Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Tue, 12/04/2018 - 00:00

Vuln: Kubernetes API Server CVE-2018-1002105 Remote Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Tue, 12/04/2018 - 00:00

CVE-2018-14695

National Vulnerability Database - Mon, 12/03/2018 - 17:29
Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter.

CVE-2018-14696

National Vulnerability Database - Mon, 12/03/2018 - 17:29
Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information.

CVE-2018-14697

National Vulnerability Database - Mon, 12/03/2018 - 17:29
Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter.

CVE-2018-14698

National Vulnerability Database - Mon, 12/03/2018 - 17:29
Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter.

CVE-2018-14699

National Vulnerability Database - Mon, 12/03/2018 - 17:29
System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.

CVE-2018-14700

National Vulnerability Database - Mon, 12/03/2018 - 17:29
Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve MySQL log files via the "name" URL parameter.

CVE-2018-14701

National Vulnerability Database - Mon, 12/03/2018 - 17:29
System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter.

CVE-2018-14702

National Vulnerability Database - Mon, 12/03/2018 - 17:29
Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information.