Security News

CVE-2018-14734

National Vulnerability Database - Sun, 07/29/2018 - 19:29
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
Categories: Security News

CVE-2018-14679

National Vulnerability Database - Sat, 07/28/2018 - 19:29
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
Categories: Security News

CVE-2018-14680

National Vulnerability Database - Sat, 07/28/2018 - 19:29
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
Categories: Security News

CVE-2018-14681

National Vulnerability Database - Sat, 07/28/2018 - 19:29
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
Categories: Security News

CVE-2018-14682

National Vulnerability Database - Sat, 07/28/2018 - 19:29
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
Categories: Security News

CVE-2018-14685

National Vulnerability Database - Sat, 07/28/2018 - 19:29
The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php.
Categories: Security News

CVE-2018-14686

National Vulnerability Database - Sat, 07/28/2018 - 19:29
system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted add_do.php request, related to add_book.php.
Categories: Security News

CVE-2018-14678

National Vulnerability Database - Sat, 07/28/2018 - 14:29
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.
Categories: Security News

CVE-2018-0497

National Vulnerability Database - Sat, 07/28/2018 - 13:29
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.
Categories: Security News

CVE-2018-0498

National Vulnerability Database - Sat, 07/28/2018 - 13:29
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
Categories: Security News

CVE-2016-9578

National Vulnerability Database - Fri, 07/27/2018 - 17:29
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
Categories: Security News

CVE-2016-9603

National Vulnerability Database - Fri, 07/27/2018 - 17:29
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
Categories: Security News

CVE-2017-15118

National Vulnerability Database - Fri, 07/27/2018 - 17:29
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.
Categories: Security News

CVE-2016-9577

National Vulnerability Database - Fri, 07/27/2018 - 16:29
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
Categories: Security News

CVE-2017-15097

National Vulnerability Database - Fri, 07/27/2018 - 16:29
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
Categories: Security News

CVE-2017-15101

National Vulnerability Database - Fri, 07/27/2018 - 16:29
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.
Categories: Security News

CVE-2017-2648

National Vulnerability Database - Fri, 07/27/2018 - 16:29
It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.
Categories: Security News

CVE-2017-2649

National Vulnerability Database - Fri, 07/27/2018 - 16:29
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
Categories: Security News

CVE-2017-2650

National Vulnerability Database - Fri, 07/27/2018 - 16:29
It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins.
Categories: Security News

CVE-2017-2652

National Vulnerability Database - Fri, 07/27/2018 - 16:29
It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.
Categories: Security News

Pages