Security News

CVE-2017-16358

National Vulnerability Database - Wed, 11/01/2017 - 13:29
In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.
Categories: Security News

CVE-2017-16359

National Vulnerability Database - Wed, 11/01/2017 - 13:29
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.

CVE-2017-16352

National Vulnerability Database - Wed, 11/01/2017 - 11:29
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.

CVE-2017-16353

National Vulnerability Database - Wed, 11/01/2017 - 11:29
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.

CVE-2017-1000242

National Vulnerability Database - Wed, 11/01/2017 - 09:29
Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions, resulting in information disclosure.

CVE-2017-1000243

National Vulnerability Database - Wed, 11/01/2017 - 09:29
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites.

CVE-2017-1000244

National Vulnerability Database - Wed, 11/01/2017 - 09:29
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF, resulting in data modification.

CVE-2017-1000245

National Vulnerability Database - Wed, 11/01/2017 - 09:29
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.

CVE-2017-12625

National Vulnerability Database - Wed, 11/01/2017 - 09:29
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.

Bugtraq: APPLE-SA-2017-10-31-12 Additional information for APPLE-SA-2017-09-25-9 macOS Server 5.4

SecurityFocus Vulnerabilities - Wed, 11/01/2017 - 09:20

Bugtraq: APPLE-SA-2017-10-31-11 Additional information for APPLE-SA-2017-09-20-3 tvOS 11

SecurityFocus Vulnerabilities - Wed, 11/01/2017 - 09:20

Bugtraq: APPLE-SA-2017-10-31-10 Additional information for APPLE-SA-2017-09-20-2 watchOS 4

SecurityFocus Vulnerabilities - Wed, 11/01/2017 - 09:20

Bugtraq: APPLE-SA-2017-10-31-9 Additional information for APPLE-SA-2017-09-19-1 iOS 11

SecurityFocus Vulnerabilities - Wed, 11/01/2017 - 09:20

Vuln: Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities

SecurityFocus Vulnerabilities - Wed, 11/01/2017 - 00:00

Vuln: GNU Wget CVE-2016-7098 Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Wed, 11/01/2017 - 00:00

Vuln: Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability

SecurityFocus Vulnerabilities - Wed, 11/01/2017 - 00:00

Vuln: HP ArcSight ESM and ArcSight ESM Express CVE-2017-14356 SQL Injection Vulnerability

SecurityFocus Vulnerabilities - Wed, 11/01/2017 - 00:00

CVE-2017-14021

National Vulnerability Database - Tue, 10/31/2017 - 22:29
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.

CVE-2017-14027

National Vulnerability Database - Tue, 10/31/2017 - 22:29
A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access.