Security News

CVE-2018-15979

National Vulnerability Database - Thu, 11/29/2018 - 15:29
Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure.
Categories: Security News

CVE-2018-15980

National Vulnerability Database - Thu, 11/29/2018 - 15:29
Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Categories: Security News

CVE-2018-15981

National Vulnerability Database - Thu, 11/29/2018 - 15:29
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
Categories: Security News

CVE-2018-8789

National Vulnerability Database - Thu, 11/29/2018 - 13:29
FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).
Categories: Security News

CVE-2018-10851

National Vulnerability Database - Thu, 11/29/2018 - 13:29
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
Categories: Security News

CVE-2018-14626

National Vulnerability Database - Thu, 11/29/2018 - 13:29
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.
Categories: Security News

CVE-2018-16859

National Vulnerability Database - Thu, 11/29/2018 - 13:29
Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.
Categories: Security News

CVE-2018-19692

National Vulnerability Database - Thu, 11/29/2018 - 13:29
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type.
Categories: Security News

CVE-2018-19693

National Vulnerability Database - Thu, 11/29/2018 - 13:29
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter.
Categories: Security News

CVE-2018-8784

National Vulnerability Database - Thu, 11/29/2018 - 13:29
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.
Categories: Security News

CVE-2018-8785

National Vulnerability Database - Thu, 11/29/2018 - 13:29
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.
Categories: Security News

CVE-2018-8786

National Vulnerability Database - Thu, 11/29/2018 - 13:29
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
Categories: Security News

CVE-2018-8787

National Vulnerability Database - Thu, 11/29/2018 - 13:29
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
Categories: Security News

CVE-2018-8788

National Vulnerability Database - Thu, 11/29/2018 - 13:29
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
Categories: Security News

CVE-2018-11002

National Vulnerability Database - Thu, 11/29/2018 - 11:29
Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions.
Categories: Security News

CVE-2018-1762

National Vulnerability Database - Thu, 11/29/2018 - 11:29
IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616.
Categories: Security News

CVE-2018-18649

National Vulnerability Database - Thu, 11/29/2018 - 10:29
An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.
Categories: Security News

CVE-2018-12238

National Vulnerability Database - Thu, 11/29/2018 - 09:29
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected.
Categories: Security News

CVE-2018-12239

National Vulnerability Database - Thu, 11/29/2018 - 09:29
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected.
Categories: Security News

CVE-2018-12245

National Vulnerability Database - Thu, 11/29/2018 - 09:29
Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated.
Categories: Security News

Pages