Security News

CVE-2018-12467

National Vulnerability Database - Wed, 08/01/2018 - 11:29
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.
Categories: Security News

CVE-2018-3650

National Vulnerability Database - Wed, 08/01/2018 - 11:29
Insufficient input validation in the Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows an unprivileged user to bypass URI sanitization via a local vector.

CVE-2018-3662

National Vulnerability Database - Wed, 08/01/2018 - 11:29
Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root.

CVE-2018-3663

National Vulnerability Database - Wed, 08/01/2018 - 11:29
Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information.

CVE-2018-3666

National Vulnerability Database - Wed, 08/01/2018 - 11:29
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.

CVE-2018-3670

National Vulnerability Database - Wed, 08/01/2018 - 11:29
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.

CVE-2018-3671

National Vulnerability Database - Wed, 08/01/2018 - 11:29
Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information.

CVE-2018-3672

National Vulnerability Database - Wed, 08/01/2018 - 11:29
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via system calls.

CVE-2018-3921

National Vulnerability Database - Wed, 08/01/2018 - 11:29
A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerability and gain code execution.

CVE-2018-3922

National Vulnerability Database - Wed, 08/01/2018 - 11:29
A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution.

CVE-2018-3923

National Vulnerability Database - Wed, 08/01/2018 - 11:29
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.

CVE-2016-8608

National Vulnerability Database - Wed, 08/01/2018 - 10:29
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via the business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before being shown to other users, including admins.

CVE-2016-8641

National Vulnerability Database - Wed, 08/01/2018 - 10:29
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It is possible for a local attacker to create symbolic links before the files are created and possibly escalate privileges through the ownership change.

CVE-2016-8648

National Vulnerability Database - Wed, 08/01/2018 - 10:29
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x and Red Hat JBoss A-MQ 6.x deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contains deserialization gadgets in its classpath.

CVE-2016-8653

National Vulnerability Database - Wed, 08/01/2018 - 10:29
It was found that the JMX endpoint of Red Hat JBoss Fuse 6 and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack.

CVE-2016-9581

National Vulnerability Database - Wed, 08/01/2018 - 10:29
An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

CVE-2018-10916

National Vulnerability Database - Wed, 08/01/2018 - 10:29
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user into using reverse mirroring on an attacker-controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.

CVE-2018-1999039

National Vulnerability Database - Wed, 08/01/2018 - 09:29
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker-specified credentials.

CVE-2018-1999040

National Vulnerability Database - Wed, 08/01/2018 - 09:29
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

CVE-2018-1999041

National Vulnerability Database - Wed, 08/01/2018 - 09:29
An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration.