Security News

Bugtraq: [security bulletin] MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS)

SecurityFocus Vulnerabilities - Fri, 03/02/2018 - 04:20
[security bulletin] MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS)
Categories: Security News

CVE-2018-1065

National Vulnerability Database - Fri, 03/02/2018 - 03:29
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.
Categories: Security News

CVE-2018-1066

National Vulnerability Database - Fri, 03/02/2018 - 03:29
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.
Categories: Security News

Vuln: GNU libcdio 'iso-info.c' Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Fri, 03/02/2018 - 00:00
GNU libcdio 'iso-info.c' Denial of Service Vulnerability
Categories: Security News

CVE-2018-1169

National Vulnerability Database - Thu, 03/01/2018 - 20:29
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521.
Categories: Security News

CVE-2018-1170

National Vulnerability Database - Thu, 03/01/2018 - 20:29
This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Customer-Link App and Customer-Link Bridge. The issue results from the lack of a proper protection mechanism against unauthorized firmware updates. An attacker can leverage this vulnerability to inject CAN messages. Was ZDI-CAN-5264.
Categories: Security News

CVE-2018-6490

National Vulnerability Database - Thu, 03/01/2018 - 20:29
Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service.
Categories: Security News

CVE-2017-6926

National Vulnerability Database - Thu, 03/01/2018 - 18:29
In Drupal 8.4.x versions before 8.4.5, users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.
Categories: Security News

CVE-2017-6927

National Vulnerability Database - Thu, 03/01/2018 - 18:29
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 have a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.
Categories: Security News

CVE-2017-6928

National Vulnerability Database - Thu, 03/01/2018 - 18:29
In Drupal core 7.x versions before 7.57, when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.
Categories: Security News

CVE-2017-6929

National Vulnerability Database - Thu, 03/01/2018 - 18:29
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.
Categories: Security News

CVE-2017-6930

National Vulnerability Database - Thu, 03/01/2018 - 18:29
In Drupal 8.4.x versions before 8.4.5, when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implements hook_node_access_records().
Categories: Security News

CVE-2017-6931

National Vulnerability Database - Thu, 03/01/2018 - 18:29
In Drupal 8.4.x versions before 8.4.5, the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. This release fixes the only two implementations in core, but does not harden against other such bypasses. This vulnerability can be mitigated by disabling the Settings Tray module.
Categories: Security News

CVE-2017-6932

National Vulnerability Database - Thu, 03/01/2018 - 18:29
Drupal core 7.x versions before 7.57 have an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
Categories: Security News

CVE-2018-7634

National Vulnerability Database - Thu, 03/01/2018 - 18:29
An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible for attackers to abuse the functionality. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.
Categories: Security News

CVE-2017-15134

National Vulnerability Database - Thu, 03/01/2018 - 17:29
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
Categories: Security News

CVE-2017-18212

National Vulnerability Database - Thu, 03/01/2018 - 17:29
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload.
Categories: Security News

CVE-2018-7586

National Vulnerability Database - Thu, 03/01/2018 - 17:29
In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.
Categories: Security News

CVE-2018-7587

National Vulnerability Database - Thu, 03/01/2018 - 17:29
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
Categories: Security News

CVE-2018-7588

National Vulnerability Database - Thu, 03/01/2018 - 17:29
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
Categories: Security News
