Security News

CVE-2018-15323

National Vulnerability Database - Wed, 10/31/2018 - 10:29
On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action.
Categories: Security News

CVE-2018-15324

National Vulnerability Database - Wed, 10/31/2018 - 10:29
On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when processing a specially crafted request with APM portal access.

CVE-2018-15325

National Vulnerability Database - Wed, 10/31/2018 - 10:29
In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands.

CVE-2018-15326

National Vulnerability Database - Wed, 10/31/2018 - 10:29
In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List.

CVE-2018-15327

National Vulnerability Database - Wed, 10/31/2018 - 10:29
In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

CVE-2016-2121

National Vulnerability Database - Wed, 10/31/2018 - 09:29
A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.

CVE-2016-5402

National Vulnerability Database - Wed, 10/31/2018 - 09:29
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.

CVE-2016-6343

National Vulnerability Database - Wed, 10/31/2018 - 09:29
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user.

CVE-2018-1851

National Vulnerability Database - Wed, 10/31/2018 - 09:29
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999.

CVE-2018-18868

National Vulnerability Database - Wed, 10/31/2018 - 02:29
No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter.

CVE-2018-18869

National Vulnerability Database - Wed, 10/31/2018 - 02:29
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter.

CVE-2018-18853

National Vulnerability Database - Wed, 10/31/2018 - 01:29
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits.

CVE-2018-18854

National Vulnerability Database - Wed, 10/31/2018 - 01:29
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).

CVE-2018-18867

National Vulnerability Database - Wed, 10/31/2018 - 01:29
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495.

Vuln: Mozilla Thunderbird MFSA2018-28 Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Wed, 10/31/2018 - 00:00
Mozilla Thunderbird MFSA2018-28 Multiple Security Vulnerabilities

Vuln: Multiple Cisco Products CVE-2018-15454 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Wed, 10/31/2018 - 00:00
Multiple Cisco Products CVE-2018-15454 Denial of Service Vulnerability

Vuln: PEPPERL+FUCHS CT50-Ex CVE-2016-9345 Local Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Wed, 10/31/2018 - 00:00
PEPPERL+FUCHS CT50-Ex CVE-2016-9345 Local Privilege Escalation Vulnerability

Vuln: Dell EMC Integrated Data Protection Appliance Default Password Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Wed, 10/31/2018 - 00:00
Dell EMC Integrated Data Protection Appliance Default Password Security Bypass Vulnerability

Vuln: OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Wed, 10/31/2018 - 00:00
OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability

CVE-2018-18850

National Vulnerability Database - Tue, 10/30/2018 - 23:29
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).
