Security News

CVE-2018-10955

National Vulnerability Database - Wed, 05/09/2018 - 22:29
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222548.
Categories: Security News

CVE-2018-10957

National Vulnerability Database - Wed, 05/09/2018 - 22:29
CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components.
Categories: Security News

CVE-2018-10958

National Vulnerability Database - Wed, 05/09/2018 - 22:29
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.
Categories: Security News

CVE-2018-10962

National Vulnerability Database - Wed, 05/09/2018 - 22:29
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because mouse_event is not properly considered.
Categories: Security News

CVE-2018-10963

National Vulnerability Database - Wed, 05/09/2018 - 22:29
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file.
Categories: Security News

CVE-2018-10949

National Vulnerability Database - Wed, 05/09/2018 - 21:29
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.
Categories: Security News

CVE-2018-10950

National Vulnerability Database - Wed, 05/09/2018 - 21:29
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump.
Categories: Security News

CVE-2018-10951

National Vulnerability Database - Wed, 05/09/2018 - 21:29
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.
Categories: Security News

CVE-2018-6020

National Vulnerability Database - Wed, 05/09/2018 - 17:29
In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings.
Categories: Security News

CVE-2018-6021

National Vulnerability Database - Wed, 05/09/2018 - 17:29
Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution.
Categories: Security News

CVE-2018-8860

National Vulnerability Database - Wed, 05/09/2018 - 17:29
In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network.
Categories: Security News

CVE-2018-2422

National Vulnerability Database - Wed, 05/09/2018 - 16:29
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Categories: Security News

CVE-2018-2423

National Vulnerability Database - Wed, 05/09/2018 - 16:29
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Categories: Security News

CVE-2017-14474

National Vulnerability Database - Wed, 05/09/2018 - 16:29
In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
Categories: Security News

CVE-2017-14475

National Vulnerability Database - Wed, 05/09/2018 - 16:29
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
Categories: Security News

CVE-2017-14476

National Vulnerability Database - Wed, 05/09/2018 - 16:29
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
Categories: Security News

CVE-2017-14477

National Vulnerability Database - Wed, 05/09/2018 - 16:29
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
Categories: Security News

CVE-2017-14478

National Vulnerability Database - Wed, 05/09/2018 - 16:29
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
Categories: Security News

CVE-2017-14479

National Vulnerability Database - Wed, 05/09/2018 - 16:29
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
Categories: Security News

CVE-2017-14480

National Vulnerability Database - Wed, 05/09/2018 - 16:29
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
Categories: Security News

Pages