Security News

CVE-2018-6235

National Vulnerability Database - Fri, 05/25/2018 - 11:29
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Categories: Security News

CVE-2018-6236

National Vulnerability Database - Fri, 05/25/2018 - 11:29
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2018-6237

National Vulnerability Database - Fri, 05/25/2018 - 11:29
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.

CVE-2017-1752

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547.

CVE-2018-11469

National Vulnerability Database - Fri, 05/25/2018 - 10:29
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.

CVE-2018-11470

National Vulnerability Database - Fri, 05/25/2018 - 10:29
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.

CVE-2018-1449

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044.

CVE-2018-1450

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045.

CVE-2018-1451

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046.

CVE-2018-1452

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047.

CVE-2018-1459

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow an attacker to execute arbitrary code. IBM X-Force ID: 140210.

CVE-2018-1467

National Vulnerability Database - Fri, 05/25/2018 - 10:29
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398.

CVE-2018-1488

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973.

CVE-2018-1515

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.

CVE-2018-1544

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.

CVE-2018-1565

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.

CVE-2017-3961

National Vulnerability Database - Fri, 05/25/2018 - 09:29
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to have arbitrary HTML code reflected in the response web page via crafted user input of attributes.

CVE-2018-11468

National Vulnerability Database - Fri, 05/25/2018 - 09:29
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

CVE-2018-6664

National Vulnerability Database - Fri, 05/25/2018 - 09:29
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.

CVE-2018-6674

National Vulnerability Database - Fri, 05/25/2018 - 09:29
Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands.
