Security News

CVE-2017-10885

National Vulnerability Database - Mon, 11/13/2017 - 09:29
Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Categories: Security News

CVE-2017-3166

National Vulnerability Database - Mon, 11/13/2017 - 09:29
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.

CVE-2017-7739

National Vulnerability Database - Mon, 11/13/2017 - 09:29
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim.

CVE-2017-11169

National Vulnerability Database - Mon, 11/13/2017 - 04:29
Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi.

CVE-2017-14711

National Vulnerability Database - Mon, 11/13/2017 - 04:29
The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and password in cleartext from client to server during registration and authentication.

CVE-2017-16792

National Vulnerability Database - Mon, 11/13/2017 - 04:29
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.

CVE-2017-16801

National Vulnerability Database - Mon, 11/13/2017 - 04:29
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter.

CVE-2017-8806

National Vulnerability Database - Mon, 11/13/2017 - 04:29
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.

Vuln: Multiple IBM Products CVE-2017-1710 Remote Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Mon, 11/13/2017 - 00:00
Multiple IBM Products CVE-2017-1710 Remote Privilege Escalation Vulnerability

Vuln: Linux Kernel 'drivers/input/tablet/gtco.c' Local Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Mon, 11/13/2017 - 00:00
Linux Kernel 'drivers/input/tablet/gtco.c' Local Denial of Service Vulnerability

Vuln: VMware AirWatch Console Module Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Mon, 11/13/2017 - 00:00
VMware AirWatch Console Module Multiple Security Vulnerabilities

Vuln: Linux Kernel 'drivers/net/usb/asix_devices.c' Local Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Mon, 11/13/2017 - 00:00
Linux Kernel 'drivers/net/usb/asix_devices.c' Local Denial of Service Vulnerability

CVE-2017-13831

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image.

CVE-2017-13832

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "802.1X" component. It allows attackers to have an unspecified impact by leveraging TLS 1.0 support.

CVE-2017-13833

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2017-13834

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted mach binary.

CVE-2017-13836

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

CVE-2017-13838

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Sandbox" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2017-13840

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

CVE-2017-13841

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.