Security News

CVE-2011-4973

National Vulnerability Database - Thu, 02/15/2018 - 16:29
Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password.
Categories: Security News

CVE-2014-0013

National Vulnerability Database - Thu, 02/15/2018 - 16:29
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable.
Categories: Security News

CVE-2014-0014

National Vulnerability Database - Thu, 02/15/2018 - 16:29
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload.
Categories: Security News

CVE-2018-7173

National Vulnerability Database - Thu, 02/15/2018 - 16:29
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
Categories: Security News

CVE-2018-7174

National Vulnerability Database - Thu, 02/15/2018 - 16:29
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
Categories: Security News

CVE-2018-7175

National Vulnerability Database - Thu, 02/15/2018 - 16:29
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
Categories: Security News

Bugtraq: [SECURITY] [DSA 4114-1] jackson-databind security update

SecurityFocus Vulnerabilities - Thu, 02/15/2018 - 16:20
[SECURITY] [DSA 4114-1] jackson-databind security update
Categories: Security News

Bugtraq: Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

SecurityFocus Vulnerabilities - Thu, 02/15/2018 - 16:20
Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
Categories: Security News

Bugtraq: [SECURITY] [DSA 4113-1] libvorbis security update

SecurityFocus Vulnerabilities - Thu, 02/15/2018 - 16:20
[SECURITY] [DSA 4113-1] libvorbis security update
Categories: Security News

Bugtraq: [SECURITY] [DSA 4112-1] xen security update

SecurityFocus Vulnerabilities - Thu, 02/15/2018 - 16:20
[SECURITY] [DSA 4112-1] xen security update
Categories: Security News

CVE-2018-7050

National Vulnerability Database - Thu, 02/15/2018 - 15:29
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
Categories: Security News

CVE-2018-7051

National Vulnerability Database - Thu, 02/15/2018 - 15:29
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.
Categories: Security News

CVE-2018-7052

National Vulnerability Database - Thu, 02/15/2018 - 15:29
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.
Categories: Security News

CVE-2018-7053

National Vulnerability Database - Thu, 02/15/2018 - 15:29
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.
Categories: Security News

CVE-2018-7054

National Vulnerability Database - Thu, 02/15/2018 - 15:29
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits.
Categories: Security News

CVE-2018-7169

National Vulnerability Database - Thu, 02/15/2018 - 15:29
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.
Categories: Security News

CVE-2017-15089

National Vulnerability Database - Thu, 02/15/2018 - 12:29
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Categories: Security News

CVE-2018-1041

National Vulnerability Database - Thu, 02/15/2018 - 12:29
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
Categories: Security News

CVE-2017-17289

National Vulnerability Database - Thu, 02/15/2018 - 11:29
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload crafted XML file repeatedly to cause memory leak and service abnormal.
Categories: Security News

CVE-2017-17290

National Vulnerability Database - Thu, 02/15/2018 - 11:29
The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with software V600R006C00, ViewPoint 9030 with software V100R011C02, V100R011C03 have a resource management errors vulnerability. An unauthenticated, remote attacker may make the LDAP server not respond to the client's request by controlling the LDAP server. Due to improper management of LDAP connection resource, a successful exploit may cause the connection resource exhausted of the LDAP client.
Categories: Security News

Pages