Security News

CVE-2019-4497

National Vulnerability Database - Tue, 10/01/2019 - 11:15
IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164118.
Categories: Security News

CVE-2019-17056

National Vulnerability Database - Tue, 10/01/2019 - 10:15
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.

CVE-2019-17055

National Vulnerability Database - Tue, 10/01/2019 - 10:15
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.

CVE-2019-17054

National Vulnerability Database - Tue, 10/01/2019 - 10:15
atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.

CVE-2019-17053

National Vulnerability Database - Tue, 10/01/2019 - 10:15
ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.

CVE-2019-17052

National Vulnerability Database - Tue, 10/01/2019 - 10:15
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.

CVE-2019-15039

National Vulnerability Database - Tue, 10/01/2019 - 10:15
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2018.2.5 and 2019.1.

CVE-2019-14954

National Vulnerability Database - Tue, 10/01/2019 - 10:15
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection.

CVE-2019-14952

National Vulnerability Database - Tue, 10/01/2019 - 10:15
JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles.

CVE-2019-10435

National Vulnerability Database - Tue, 10/01/2019 - 10:15
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.

CVE-2019-10434

National Vulnerability Database - Tue, 10/01/2019 - 10:15
Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

CVE-2019-10433

National Vulnerability Database - Tue, 10/01/2019 - 10:15
Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

CVE-2019-10432

National Vulnerability Database - Tue, 10/01/2019 - 10:15
Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those.

CVE-2019-10431

National Vulnerability Database - Tue, 10/01/2019 - 10:15
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts.

CVE-2019-15940

National Vulnerability Database - Tue, 10/01/2019 - 09:15
Victure PC530 devices allow unauthenticated TELNET access as root.

CVE-2019-16508

National Vulnerability Database - Tue, 10/01/2019 - 08:15
The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate.

CVE-2019-16760

National Vulnerability Database - Mon, 09/30/2019 - 18:15
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on crates.io to be a malicious package. This not only affects manifests that you write locally yourself, but also manifests published to crates.io. If you published a crate, for example, that depends on `serde1` to crates.io then users who depend on you may also be vulnerable if they use Rust 1.25.0 and prior. Rust 1.0.0 through Rust 1.25.0 is affected by this advisory because Cargo will ignore the `package` key in manifests. Rust 1.26.0 through Rust 1.30.0 are not affected and typically will emit an error because the `package` key is unstable. Rust 1.31.0 and after are not affected because Cargo understands the `package` key. Users of the affected versions are strongly encouraged to update their compiler to the latest available one. Preventing this issue from happening requires updating your compiler to be either Rust 1.26.0 or newer. There will be no patch issued for Rust versions prior to 1.26.0. Users of Rust 1.19.0 to Rust 1.25.0 can instead apply linked patches to mitigate the issue.

CVE-2019-3728

National Vulnerability Database - Mon, 09/30/2019 - 18:15
RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing a DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.

CVE-2019-3729

National Vulnerability Database - Mon, 09/30/2019 - 18:15
RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing an ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system.

CVE-2019-3730

National Vulnerability Database - Mon, 09/30/2019 - 18:15
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x) are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a "padding oracle attack vulnerability". A malicious remote user could potentially exploit this vulnerability to extract information, leaving data at risk of exposure.