Security News

CVE-2018-14245

National Vulnerability Database - Tue, 07/31/2018 - 16:29
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the closeDoc method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6008.
Categories: Security News

CVE-2018-14246

National Vulnerability Database - Tue, 07/31/2018 - 16:29
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the convertTocPDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6009.

CVE-2016-8626

National Vulnerability Database - Tue, 07/31/2018 - 15:29
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.

CVE-2016-8657

National Vulnerability Database - Tue, 07/31/2018 - 15:29
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable by the jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content is executed with root privileges when the jboss service is started, stopped, or restarted.

CVE-2017-5693

National Vulnerability Database - Tue, 07/31/2018 - 15:29
Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic.

CVE-2018-10592

National Vulnerability Database - Tue, 07/31/2018 - 13:29
Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.

CVE-2018-10603

National Vulnerability Database - Tue, 07/31/2018 - 13:29
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node to remotely control the industrial process.

CVE-2018-10607

National Vulnerability Database - Tue, 07/31/2018 - 13:29
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel.

CVE-2018-10609

National Vulnerability Database - Tue, 07/31/2018 - 13:29
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges.

CVE-2017-13652

National Vulnerability Database - Tue, 07/31/2018 - 12:29
NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface.

Bugtraq: [slackware-security] seamonkey (SSA:2018-212-02)

SecurityFocus Vulnerabilities - Tue, 07/31/2018 - 11:20
[slackware-security] seamonkey (SSA:2018-212-02)

Bugtraq: [slackware-security] file (SSA:2018-212-01)

SecurityFocus Vulnerabilities - Tue, 07/31/2018 - 11:20
[slackware-security] file (SSA:2018-212-01)

CVE-2018-7957

National Vulnerability Database - Tue, 07/31/2018 - 10:29
Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application that has the phone state authorization to additionally obtain the user's location.

CVE-2018-7992

National Vulnerability Database - Tue, 07/31/2018 - 10:29
The Mdapt driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate its input; an attacker could trick the user into installing a malicious application which would send crafted parameters to the driver. Successful exploitation could cause a denial of service condition.

CVE-2018-7993

National Vulnerability Database - Tue, 07/31/2018 - 10:29
HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use-after-free vulnerability in the mediaserver component. An attacker tricks the user into installing a malicious application, which makes the software reference memory after it has been freed. Successful exploitation could cause execution of arbitrary code.

CVE-2018-7994

National Vulnerability Database - Tue, 07/31/2018 - 10:29
Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot of questionnaires to the device; successful exploitation could cause the device to reboot because it runs out of memory.

CVE-2017-17174

National Vulnerability Database - Tue, 07/31/2018 - 10:29
Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations. Successful exploit may cause information leak.

CVE-2017-17707

National Vulnerability Database - Tue, 07/31/2018 - 10:29
Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding "CredentialId" value, which uniquely identifies a password safe entry. Since "CredentialId" values are implemented as GUIDs, they are hard to guess. However, if for example an entry's owner grants read-only access to a malicious user, the value gets exposed to the malicious user. The same holds true for temporary grants.

CVE-2017-17708

National Vulnerability Database - Tue, 07/31/2018 - 10:29
Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3.

CVE-2018-11338

National Vulnerability Database - Tue, 07/31/2018 - 10:29
Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, Email address, spouse's phone/Email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017, however older versions of Lacerte may be vulnerable.