Security News

CVE-2017-6198

National Vulnerability Database - Tue, 02/06/2018 - 11:29
The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.
Categories: Security News

CVE-2017-6199

National Vulnerability Database - Tue, 02/06/2018 - 11:29
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.

CVE-2017-6200

National Vulnerability Database - Tue, 02/06/2018 - 11:29
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.

CVE-2017-6201

National Vulnerability Database - Tue, 02/06/2018 - 11:29
A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. The request could bypass access controls, such as firewalls, that prevent attackers from accessing the URLs directly.

CVE-2017-15095

National Vulnerability Database - Tue, 02/06/2018 - 10:29
A deserialization flaw was discovered in jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

CVE-2017-7525

National Vulnerability Database - Tue, 02/06/2018 - 10:29
A deserialization flaw was discovered in jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.

CVE-2018-6288

National Vulnerability Database - Tue, 02/06/2018 - 10:29
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1.

CVE-2018-6289

National Vulnerability Database - Tue, 02/06/2018 - 10:29
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.

CVE-2018-6290

National Vulnerability Database - Tue, 02/06/2018 - 10:29
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1.

CVE-2018-6291

National Vulnerability Database - Tue, 02/06/2018 - 10:29
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1.

CVE-2013-4317

National Vulnerability Database - Tue, 02/06/2018 - 09:29
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.

CVE-2016-6813

National Vulnerability Database - Tue, 02/06/2018 - 09:29
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.

CVE-2018-6466

National Vulnerability Database - Tue, 02/06/2018 - 09:29
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php.

CVE-2018-6467

National Vulnerability Database - Tue, 02/06/2018 - 09:29
The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php.

CVE-2018-6468

National Vulnerability Database - Tue, 02/06/2018 - 09:29
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php.

CVE-2018-6469

National Vulnerability Database - Tue, 02/06/2018 - 09:29
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php.

CVE-2018-6656

National Vulnerability Database - Tue, 02/06/2018 - 09:29
Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories.

CVE-2017-6169

National Vulnerability Database - Tue, 02/06/2018 - 08:29
In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.

CVE-2017-6258

National Vulnerability Database - Tue, 02/06/2018 - 08:29
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-38027496. Reference: N-CVE-2017-6258.

CVE-2017-6279

National Vulnerability Database - Tue, 02/06/2018 - 08:29
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166. Reference: N-CVE-2017-6279.
