Security News

CVE-2017-16763

National Vulnerability Database - Fri, 11/10/2017 - 04:29
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
Categories: Security News

CVE-2017-16764

National Vulnerability Database - Fri, 11/10/2017 - 04:29
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.

Vuln: Linux Kernel 'drivers/input/misc/ims-pcu.c' Local Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Fri, 11/10/2017 - 00:00

Vuln: VMware AirWatch Launcher for Android CVE-2017-4932 Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Fri, 11/10/2017 - 00:00

CVE-2017-9758

National Vulnerability Database - Thu, 11/09/2017 - 21:29
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."

CVE-2017-16754

National Vulnerability Database - Thu, 11/09/2017 - 21:29
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.

CVE-2017-5201

National Vulnerability Database - Thu, 11/09/2017 - 21:29
NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064.

CVE-2017-15638

National Vulnerability Database - Thu, 11/09/2017 - 21:29
The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services.

CVE-2017-16249

National Vulnerability Database - Thu, 11/09/2017 - 21:29
The Debut embedded http server 1.20 contains a remotely exploitable denial of service where a single malformed HTTP request can cause the server to hang until eventually replying with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic. NOTE: this might overlap CVE-2017-12568.

CVE-2017-16562

National Vulnerability Database - Thu, 11/09/2017 - 21:29
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.

CVE-2017-16567

National Vulnerability Database - Thu, 11/09/2017 - 21:29
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite."

CVE-2017-16568

National Vulnerability Database - Thu, 11/09/2017 - 21:29
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL.

CVE-2017-16633

National Vulnerability Database - Thu, 11/09/2017 - 21:29
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

CVE-2017-16634

National Vulnerability Database - Thu, 11/09/2017 - 21:29
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.

CVE-2017-12779

National Vulnerability Database - Thu, 11/09/2017 - 21:29
The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.

CVE-2017-12780

National Vulnerability Database - Thu, 11/09/2017 - 21:29
The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.

CVE-2017-12781

National Vulnerability Database - Thu, 11/09/2017 - 21:29
The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.

CVE-2017-12782

National Vulnerability Database - Thu, 11/09/2017 - 21:29
The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12783

National Vulnerability Database - Thu, 11/09/2017 - 21:29
The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12800

National Vulnerability Database - Thu, 11/09/2017 - 21:29
The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
