Security News

CVE-2017-12801

National Vulnerability Database - Thu, 11/09/2017 - 21:29
The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
Categories: Security News

CVE-2017-12802

National Vulnerability Database - Thu, 11/09/2017 - 21:29
The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12803

National Vulnerability Database - Thu, 11/09/2017 - 21:29
The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12969

National Vulnerability Database - Thu, 11/09/2017 - 21:29
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.

CVE-2017-11309

National Vulnerability Database - Thu, 11/09/2017 - 21:29
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.

CVE-2017-11461

National Vulnerability Database - Thu, 11/09/2017 - 21:29
NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface.

CVE-2017-16758

National Vulnerability Database - Thu, 11/09/2017 - 17:29
Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "access_token" parameter.

CVE-2017-16759

National Vulnerability Database - Thu, 11/09/2017 - 17:29
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.

CVE-2017-16757

National Vulnerability Database - Thu, 11/09/2017 - 16:29
Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.

Bugtraq: [SECURITY] [DSA 4025-1] libpam4j security update

SecurityFocus Vulnerabilities - Thu, 11/09/2017 - 14:20

Bugtraq: AST-2017-011: Memory leak in pjsip session resource

SecurityFocus Vulnerabilities - Thu, 11/09/2017 - 14:20

Bugtraq: AST-2017-010: Buffer overflow in CDR's set user

SecurityFocus Vulnerabilities - Thu, 11/09/2017 - 14:20

Bugtraq: AST-2017-009: Buffer overflow in pjproject header parsing can cause crash in Asterisk

SecurityFocus Vulnerabilities - Thu, 11/09/2017 - 14:20

CVE-2017-16711

National Vulnerability Database - Thu, 11/09/2017 - 13:29
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.

CVE-2015-7501

National Vulnerability Database - Thu, 11/09/2017 - 12:29
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

CVE-2017-16651

National Vulnerability Database - Thu, 11/09/2017 - 09:29
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.

Vuln: Multiple Asterisk Products Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/09/2017 - 00:00

Vuln: Multiple Asterisk Products CDR Remote Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/09/2017 - 00:00

Vuln: Multiple Asterisk Products 'pjproject' Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/09/2017 - 00:00

Vuln: Linux Kernel 'drivers/net/usb/cdc_ether.c' Local Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/09/2017 - 00:00