Security News

CVE-2016-1000340

National Vulnerability Database - Mon, 06/04/2018 - 09:29
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.
Categories: Security News

CVE-2016-1000341

National Vulnerability Database - Mon, 06/04/2018 - 09:29
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.
Categories: Security News

CVE-2016-1000342

National Vulnerability Database - Mon, 06/04/2018 - 09:29
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
Categories: Security News

CVE-2016-1000343

National Vulnerability Database - Mon, 06/04/2018 - 09:29
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.
Categories: Security News

CVE-2018-11709

National Vulnerability Database - Mon, 06/04/2018 - 09:29
wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
Categories: Security News

CVE-2018-11710

National Vulnerability Database - Mon, 06/04/2018 - 09:29
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.
Categories: Security News

CVE-2018-11711

National Vulnerability Database - Mon, 06/04/2018 - 09:29
A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device.
Categories: Security News

CVE-2017-18284

National Vulnerability Database - Mon, 06/04/2018 - 02:29
The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.
Categories: Security News

CVE-2017-18285

National Vulnerability Database - Mon, 06/04/2018 - 02:29
The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.
Categories: Security News

CVE-2018-11683

National Vulnerability Database - Mon, 06/04/2018 - 02:29
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
Categories: Security News

CVE-2018-11684

National Vulnerability Database - Mon, 06/04/2018 - 02:29
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
Categories: Security News

CVE-2018-11685

National Vulnerability Database - Mon, 06/04/2018 - 02:29
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
Categories: Security News

CVE-2018-11692

National Vulnerability Database - Mon, 06/04/2018 - 02:29
An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus.
Categories: Security News

CVE-2018-11693

National Vulnerability Database - Mon, 06/04/2018 - 02:29
An issue was discovered in LibSaas through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Categories: Security News

CVE-2018-11694

National Vulnerability Database - Mon, 06/04/2018 - 02:29
An issue was discovered in LibSaas through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-11695

National Vulnerability Database - Mon, 06/04/2018 - 02:29
An issue was discovered in LibSaas through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-11696

National Vulnerability Database - Mon, 06/04/2018 - 02:29
An issue was discovered in LibSaas through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-11697

National Vulnerability Database - Mon, 06/04/2018 - 02:29
An issue was discovered in LibSaas through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Categories: Security News

CVE-2018-11698

National Vulnerability Database - Mon, 06/04/2018 - 02:29
An issue was discovered in LibSaas through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Categories: Security News

CVE-2018-11629

National Vulnerability Database - Sat, 06/02/2018 - 09:29
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y.
Categories: Security News

Pages