Security News

CVE-2018-11766

National Vulnerability Database - Tue, 11/27/2018 - 09:29
In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.
Categories: Security News

CVE-2018-16089

National Vulnerability Database - Tue, 11/27/2018 - 09:29
In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.
Categories: Security News

CVE-2018-16090

National Vulnerability Database - Tue, 11/27/2018 - 09:29
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.
Categories: Security News

CVE-2018-16091

National Vulnerability Database - Tue, 11/27/2018 - 09:29
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.
Categories: Security News

CVE-2018-16092

National Vulnerability Database - Tue, 11/27/2018 - 09:29
In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.
Categories: Security News

CVE-2018-16094

National Vulnerability Database - Tue, 11/27/2018 - 09:29
In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow.
Categories: Security News

CVE-2018-16095

National Vulnerability Database - Tue, 11/27/2018 - 09:29
In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.
Categories: Security News

CVE-2018-16096

National Vulnerability Database - Tue, 11/27/2018 - 09:29
In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.
Categories: Security News

CVE-2018-9083

National Vulnerability Database - Tue, 11/27/2018 - 09:29
In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability.
Categories: Security News

CVE-2018-9084

National Vulnerability Database - Tue, 11/27/2018 - 09:29
In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.
Categories: Security News

CVE-2018-17953

National Vulnerability Database - Tue, 11/27/2018 - 08:29
An incorrect variable in a SUSE-specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
Categories: Security News

CVE-2018-19587

National Vulnerability Database - Tue, 11/27/2018 - 02:29
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.
Categories: Security News

CVE-2018-19595

National Vulnerability Database - Tue, 11/27/2018 - 02:29
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism.
Categories: Security News

CVE-2018-19607

National Vulnerability Database - Tue, 11/27/2018 - 02:29
Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
Categories: Security News

Vuln: Samba CVE-2018-16851 Remote Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Tue, 11/27/2018 - 00:00
Samba CVE-2018-16851 Remote Denial of Service Vulnerability
Categories: Security News

Vuln: Samba CVE-2018-16853 Remote Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Tue, 11/27/2018 - 00:00
Samba CVE-2018-16853 Remote Denial of Service Vulnerability
Categories: Security News

Vuln: Samba Security Bypass and Denial of Service Vulnerabilities

SecurityFocus Vulnerabilities - Tue, 11/27/2018 - 00:00
Samba Security Bypass and Denial of Service Vulnerabilities
Categories: Security News

Vuln: Samba CVE-2018-16841 Remote Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Tue, 11/27/2018 - 00:00
Samba CVE-2018-16841 Remote Denial of Service Vulnerability
Categories: Security News

Vuln: Samba CVE-2018-14629 Remote Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Tue, 11/27/2018 - 00:00
Samba CVE-2018-14629 Remote Denial of Service Vulnerability
Categories: Security News

CVE-2018-13308

National Vulnerability Database - Mon, 11/26/2018 - 18:29
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field.
Categories: Security News
