Security News

Bugtraq: [CORE-2018-0009] - SoftNAS Cloud OS Command Injection

SecurityFocus Vulnerabilities - Fri, 07/27/2018 - 09:20
[CORE-2018-0009] - SoftNAS Cloud OS Command Injection
Categories: Security News

CVE-2017-12151

National Vulnerability Database - Fri, 07/27/2018 - 08:29
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
Categories: Security News

CVE-2017-7464

National Vulnerability Database - Fri, 07/27/2018 - 08:29
It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosure if they are able to provide XML content for parsing.
Categories: Security News

CVE-2018-14609

National Vulnerability Database - Fri, 07/27/2018 - 00:29
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized.
Categories: Security News

CVE-2018-14610

National Vulnerability Database - Fri, 07/27/2018 - 00:29
An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c.
Categories: Security News

CVE-2018-14611

National Vulnerability Database - Fri, 07/27/2018 - 00:29
An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c.
Categories: Security News

CVE-2018-14612

National Vulnerability Database - Fri, 07/27/2018 - 00:29
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c.
Categories: Security News

CVE-2018-14613

National Vulnerability Database - Fri, 07/27/2018 - 00:29
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c.
Categories: Security News

CVE-2018-14614

National Vulnerability Database - Fri, 07/27/2018 - 00:29
An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.
Categories: Security News

CVE-2018-14615

National Vulnerability Database - Fri, 07/27/2018 - 00:29
An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative.
Categories: Security News

CVE-2018-14616

National Vulnerability Database - Fri, 07/27/2018 - 00:29
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.
Categories: Security News

CVE-2018-14617

National Vulnerability Database - Fri, 07/27/2018 - 00:29
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.
Categories: Security News

Vuln: Linux Kernel Multiple Denial of Service Vulnerabilities

SecurityFocus Vulnerabilities - Fri, 07/27/2018 - 00:00
Linux Kernel Multiple Denial of Service Vulnerabilities
Categories: Security News

CVE-2018-14601

National Vulnerability Database - Thu, 07/26/2018 - 22:29
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.
Categories: Security News

CVE-2018-14602

National Vulnerability Database - Thu, 07/26/2018 - 22:29
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.
Categories: Security News

CVE-2018-14603

National Vulnerability Database - Thu, 07/26/2018 - 22:29
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
Categories: Security News

CVE-2018-14604

National Vulnerability Database - Thu, 07/26/2018 - 22:29
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.
Categories: Security News

CVE-2018-14605

National Vulnerability Database - Thu, 07/26/2018 - 22:29
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
Categories: Security News

CVE-2018-14606

National Vulnerability Database - Thu, 07/26/2018 - 22:29
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
Categories: Security News

CVE-2018-14607

National Vulnerability Database - Thu, 07/26/2018 - 18:29
Thompson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse's Full Name, Social Security Number, Spouse's Social Security Number, Occupation, Spouse's Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information.
Categories: Security News

Pages