Security News

CVE-2018-10768

National Vulnerability Database - Sun, 05/06/2018 - 19:29
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
Categories: Security News

CVE-2018-0494

National Vulnerability Database - Sun, 05/06/2018 - 18:29
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
Categories: Security News

CVE-2018-10686

National Vulnerability Database - Sun, 05/06/2018 - 01:29
An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.
Categories: Security News

CVE-2018-10723

National Vulnerability Database - Sat, 05/05/2018 - 18:29
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql.
Categories: Security News

CVE-2018-10757

National Vulnerability Database - Sat, 05/05/2018 - 15:29
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.
Categories: Security News

CVE-2018-10758

National Vulnerability Database - Sat, 05/05/2018 - 15:29
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles.
Categories: Security News

Bugtraq: [slackware-security] seamonkey (SSA:2018-123-01)

SecurityFocus Vulnerabilities - Sat, 05/05/2018 - 01:20
[slackware-security] seamonkey (SSA:2018-123-01)
Categories: Security News

Bugtraq: Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution

SecurityFocus Vulnerabilities - Sat, 05/05/2018 - 01:20
Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution
Categories: Security News

Bugtraq: [SECURITY] [DSA 4191-1] redmine security update

SecurityFocus Vulnerabilities - Sat, 05/05/2018 - 01:20
[SECURITY] [DSA 4191-1] redmine security update
Categories: Security News

Bugtraq: [SECURITY] [DSA 4190-1] jackson-databind security update

SecurityFocus Vulnerabilities - Sat, 05/05/2018 - 01:20
[SECURITY] [DSA 4190-1] jackson-databind security update
Categories: Security News

Vuln: Linux Kernel 'fs/userfaultfd.c' Local Use After Free Memory Corruption Vulnerability

SecurityFocus Vulnerabilities - Sat, 05/05/2018 - 00:00
Linux Kernel 'fs/userfaultfd.c' Local Use After Free Memory Corruption Vulnerability
Categories: Security News

CVE-2018-10752

National Vulnerability Database - Fri, 05/04/2018 - 22:29
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.
Categories: Security News

CVE-2018-10753

National Vulnerability Database - Fri, 05/04/2018 - 22:29
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-10754

National Vulnerability Database - Fri, 05/04/2018 - 22:29
In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax.
Categories: Security News

CVE-2018-9154

National Vulnerability Database - Fri, 05/04/2018 - 17:29
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack.
Categories: Security News

CVE-2011-0704

National Vulnerability Database - Fri, 05/04/2018 - 16:29
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request.
Categories: Security News

CVE-2012-5628

National Vulnerability Database - Fri, 05/04/2018 - 16:29
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries.
Categories: Security News

CVE-2013-2233

National Vulnerability Database - Fri, 05/04/2018 - 16:29
Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
Categories: Security News

CVE-2017-15043

National Vulnerability Database - Fri, 05/04/2018 - 16:29
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.
Categories: Security News

CVE-2018-10229

National Vulnerability Database - Fri, 05/04/2018 - 16:29
A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.
Categories: Security News

Pages