Security News

CVE-2017-12635

National Vulnerability Database - Tue, 11/14/2017 - 15:29
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
Categories: Security News

CVE-2017-12636

National Vulnerability Database - Tue, 11/14/2017 - 15:29
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
Categories: Security News

CVE-2017-16815

National Vulnerability Database - Tue, 11/14/2017 - 14:29
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly.
Categories: Security News

CVE-2017-16239

National Vulnerability Database - Tue, 11/14/2017 - 12:29
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected.
Categories: Security News

CVE-2017-6264

National Vulnerability Database - Tue, 11/14/2017 - 12:29
An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264.
Categories: Security News

CVE-2017-9085

National Vulnerability Database - Tue, 11/14/2017 - 12:29
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to /Site/Troubleshooting/DiagnosticReport.asp, or (2) "paramFile" parameter to /Site/Troubleshooting/SpeedTest.asp.
Categories: Security News

CVE-2017-12624

National Vulnerability Database - Tue, 11/14/2017 - 11:29
Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size".
Categories: Security News

CVE-2017-6274

National Vulnerability Database - Tue, 11/14/2017 - 11:29
An elevation of Privilege vulnerability exists in the Thermal Driver, where a missing bounds checks in the thermal throttle driver can cause an out-of-bounds write in the kernel. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-34705801. References: N-CVE-2017-6274.
Categories: Security News

CVE-2017-6275

National Vulnerability Database - Tue, 11/14/2017 - 11:29
An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275.
Categories: Security News

Vuln: Linux Kernel 'drivers/media/dvb-core/dvb_frontend.c' Local Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Tue, 11/14/2017 - 00:00
Linux Kernel 'drivers/media/dvb-core/dvb_frontend.c' Local Denial of Service Vulnerability
Categories: Security News

Vuln: PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Tue, 11/14/2017 - 00:00
PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
Categories: Security News

CVE-2017-16810

National Vulnerability Database - Mon, 11/13/2017 - 22:29
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter.
Categories: Security News

CVE-2017-1221

National Vulnerability Database - Mon, 11/13/2017 - 18:29
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861.
Categories: Security News

CVE-2017-1229

National Vulnerability Database - Mon, 11/13/2017 - 18:29
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123908.
Categories: Security News

CVE-2017-1453

National Vulnerability Database - Mon, 11/13/2017 - 18:29
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372.
Categories: Security News

CVE-2017-1477

National Vulnerability Database - Mon, 11/13/2017 - 18:29
IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612.
Categories: Security News

CVE-2017-1710

National Vulnerability Database - Mon, 11/13/2017 - 18:29
A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.
Categories: Security News

CVE-2016-8610

National Vulnerability Database - Mon, 11/13/2017 - 17:29
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Categories: Security News

CVE-2017-15525

National Vulnerability Database - Mon, 11/13/2017 - 17:29
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
Categories: Security News

CVE-2017-15526

National Vulnerability Database - Mon, 11/13/2017 - 17:29
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario.
Categories: Security News

Pages