Security News

CVE-2018-7542

National Vulnerability Database - Tue, 02/27/2018 - 14:29
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC.
Categories: Security News

CVE-2018-1372

National Vulnerability Database - Tue, 02/27/2018 - 12:29
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772.
Categories: Security News

CVE-2018-1399

National Vulnerability Database - Tue, 02/27/2018 - 12:29
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138435.
Categories: Security News

CVE-2018-1416

National Vulnerability Database - Tue, 02/27/2018 - 12:29
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822.
Categories: Security News

CVE-2018-1425

National Vulnerability Database - Tue, 02/27/2018 - 12:29
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003.
Categories: Security News

CVE-2017-15692

National Vulnerability Database - Tue, 02/27/2018 - 10:29
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.
Categories: Security News

CVE-2017-15693

National Vulnerability Database - Tue, 02/27/2018 - 10:29
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath.
Categories: Security News

CVE-2017-16767

National Vulnerability Database - Tue, 02/27/2018 - 10:29
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter.
Categories: Security News

CVE-2017-16770

National Vulnerability Database - Tue, 02/27/2018 - 10:29
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter.
Categories: Security News

CVE-2017-17478

National Vulnerability Database - Tue, 02/27/2018 - 10:29
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages.
Categories: Security News

CVE-2018-0489

National Vulnerability Database - Tue, 02/27/2018 - 10:29
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
Categories: Security News

CVE-2018-7172

National Vulnerability Database - Tue, 02/27/2018 - 10:29
In index.php in WonderCMS 2.4.0, remote attackers can delete arbitrary files via directory traversal.
Categories: Security News

Bugtraq: ES2018-04 Asterisk pjsip tcp segfault

SecurityFocus Vulnerabilities - Tue, 02/27/2018 - 02:20
ES2018-04 Asterisk pjsip tcp segfault
Categories: Security News

Bugtraq: ES2018-03 Asterisk pjsip sdp invalid media format description segfault

SecurityFocus Vulnerabilities - Tue, 02/27/2018 - 02:20
ES2018-03 Asterisk pjsip sdp invalid media format description segfault
Categories: Security News

Bugtraq: ES2018-02 Asterisk pjsip sdp invalid fmtp segfault

SecurityFocus Vulnerabilities - Tue, 02/27/2018 - 02:20
ES2018-02 Asterisk pjsip sdp invalid fmtp segfault
Categories: Security News

Bugtraq: ES2018-01 Asterisk pjsip subscribe stack corruption

SecurityFocus Vulnerabilities - Tue, 02/27/2018 - 02:20
ES2018-01 Asterisk pjsip subscribe stack corruption
Categories: Security News

CVE-2017-18202

National Vulnerability Database - Tue, 02/27/2018 - 01:29
The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.
Categories: Security News

CVE-2018-4910

National Vulnerability Database - Tue, 02/27/2018 - 00:29
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.
Categories: Security News

CVE-2018-4911

National Vulnerability Database - Tue, 02/27/2018 - 00:29
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The vulnerability is triggered by crafted JavaScript code embedded within a PDF file. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.
Categories: Security News

CVE-2018-4912

National Vulnerability Database - Tue, 02/27/2018 - 00:29
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles JPEG 2000 data. A successful attack can lead to sensitive data exposure.
Categories: Security News

Pages