Security News

CVE-2016-1000232

National Vulnerability Database - Wed, 09/05/2018 - 13:29
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appears to be exploitable via a custom HTTP header passed by the client. This vulnerability appears to have been fixed in 2.3.0.
Categories: Security News

CVE-2018-16518

National Vulnerability Database - Wed, 09/05/2018 - 11:29
A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder.

CVE-2018-16521

National Vulnerability Database - Wed, 09/05/2018 - 11:29
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0.

CVE-2018-16516

National Vulnerability Database - Wed, 09/05/2018 - 10:29
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL.

CVE-2018-1353

National Vulnerability Database - Wed, 09/05/2018 - 09:29
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment to read the interface settings of vdoms unrelated to the assigned adom.

CVE-2018-16513

National Vulnerability Database - Wed, 09/05/2018 - 09:29
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.

CVE-2018-9192

National Vulnerability Database - Wed, 09/05/2018 - 09:29
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable to such an attack under the SSL Deep Inspection feature when CPx is being used.

CVE-2018-9194

National Vulnerability Database - Wed, 09/05/2018 - 09:29
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable to such an attack under the VIP SSL feature when CPx is being used.

CVE-2018-0502

National Vulnerability Database - Wed, 09/05/2018 - 04:29
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.

CVE-2018-13259

National Vulnerability Database - Wed, 09/05/2018 - 04:29
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.

CVE-2018-16509

National Vulnerability Database - Wed, 09/05/2018 - 02:29
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.

CVE-2018-16510

National Vulnerability Database - Wed, 09/05/2018 - 02:29
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.

CVE-2018-16511

National Vulnerability Database - Wed, 09/05/2018 - 02:29
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.

Vuln: Cisco Webex Teams CVE-2018-0436 Remote Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Wed, 09/05/2018 - 00:00
Cisco Webex Teams CVE-2018-0436 Remote Security Bypass Vulnerability

Vuln: Cisco Enterprise NFV Infrastructure Software CVE-2018-0460 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Wed, 09/05/2018 - 00:00
Cisco Enterprise NFV Infrastructure Software CVE-2018-0460 Information Disclosure Vulnerability

Vuln: WPAD Automatic DNS Registration and Autodiscovery VU#598349 Security Vulnerability

SecurityFocus Vulnerabilities - Wed, 09/05/2018 - 00:00
WPAD Automatic DNS Registration and Autodiscovery VU#598349 Security Vulnerability

Vuln: Cisco SD-WAN CVE-2018-0432 Remote Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Wed, 09/05/2018 - 00:00
Cisco SD-WAN CVE-2018-0432 Remote Privilege Escalation Vulnerability

Vuln: Cisco Meeting Server CVE-2018-0439 Cross Site Request Forgery Vulnerability

SecurityFocus Vulnerabilities - Wed, 09/05/2018 - 00:00
Cisco Meeting Server CVE-2018-0439 Cross Site Request Forgery Vulnerability

Vuln: Cisco Umbrella Enterprise Roaming Client CVE-2018-0438 Local Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Wed, 09/05/2018 - 00:00
Cisco Umbrella Enterprise Roaming Client CVE-2018-0438 Local Privilege Escalation Vulnerability

Vuln: Cisco RV110W/RV130W/RV215W Routers Management Interface CVE-2018-0423 Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Wed, 09/05/2018 - 00:00
Cisco RV110W/RV130W/RV215W Routers Management Interface CVE-2018-0423 Buffer Overflow Vulnerability
