Security News

CVE-2017-13241

National Vulnerability Database - Mon, 02/12/2018 - 14:29
A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.
Categories: Security News

CVE-2017-13242

National Vulnerability Database - Mon, 02/12/2018 - 14:29
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248.
Categories: Security News

CVE-2017-13243

National Vulnerability Database - Mon, 02/12/2018 - 14:29
A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.
Categories: Security News

CVE-2017-13244

National Vulnerability Database - Mon, 02/12/2018 - 14:29
A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986.
Categories: Security News

CVE-2016-9569

National Vulnerability Database - Mon, 02/12/2018 - 13:29
The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial of service (out-of-bounds read and system crash) via a large counter value in an 0x62430028 IOCTL call.
Categories: Security News

CVE-2016-9570

National Vulnerability Database - Mon, 02/12/2018 - 13:29
cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.
Categories: Security News

Bugtraq: CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security)

SecurityFocus Vulnerabilities - Mon, 02/12/2018 - 13:20
CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security)
Categories: Security News

Bugtraq: [SECURITY] [DSA 4111-1] libreoffice security update

SecurityFocus Vulnerabilities - Mon, 02/12/2018 - 13:20
[SECURITY] [DSA 4111-1] libreoffice security update
Categories: Security News

Bugtraq: [SECURITY] [DSA 4110-1] exim4 security update

SecurityFocus Vulnerabilities - Mon, 02/12/2018 - 13:20
[SECURITY] [DSA 4110-1] exim4 security update
Categories: Security News

Bugtraq: [SECURITY] [DSA 4109-1] ruby-omniauth security update

SecurityFocus Vulnerabilities - Mon, 02/12/2018 - 13:20
[SECURITY] [DSA 4109-1] ruby-omniauth security update
Categories: Security News

CVE-2016-5397

National Vulnerability Database - Mon, 02/12/2018 - 12:29
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
Categories: Security News

CVE-2016-8742

National Vulnerability Database - Mon, 02/12/2018 - 12:29
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
Categories: Security News

CVE-2018-6926

National Vulnerability Database - Mon, 02/12/2018 - 12:29
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator.
Categories: Security News

CVE-2017-18175

National Vulnerability Database - Mon, 02/12/2018 - 09:29
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.
Categories: Security News

CVE-2017-18176

National Vulnerability Database - Mon, 02/12/2018 - 09:29
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.
Categories: Security News

CVE-2017-18177

National Vulnerability Database - Mon, 02/12/2018 - 09:29
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.
Categories: Security News

CVE-2017-18178

National Vulnerability Database - Mon, 02/12/2018 - 09:29
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1.
Categories: Security News

CVE-2017-18179

National Vulnerability Database - Mon, 02/12/2018 - 09:29
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.
Categories: Security News

CVE-2018-6893

National Vulnerability Database - Mon, 02/12/2018 - 09:29
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering.
Categories: Security News

CVE-2018-6506

National Vulnerability Database - Sun, 02/11/2018 - 23:29
Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field.
Categories: Security News

Pages