Security News

CVE-2018-0511

National Vulnerability Database - Thu, 02/01/2018 - 09:29
Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Categories: Security News

CVE-2018-6186

National Vulnerability Database - Thu, 02/01/2018 - 09:29
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
Categories: Security News

CVE-2018-6485

National Vulnerability Database - Thu, 02/01/2018 - 09:29
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
Categories: Security News

CVE-2018-6470

National Vulnerability Database - Thu, 02/01/2018 - 08:29
Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak.
Categories: Security News

Bugtraq: [SECURITY] [DSA 4103-1] chromium-browser security update

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 03:20
[SECURITY] [DSA 4103-1] chromium-browser security update
Categories: Security News

Bugtraq: Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 03:20
Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831
Categories: Security News

Bugtraq: KonaKart Path Traversal Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 03:20
KonaKart Path Traversal Vulnerability
Categories: Security News

Bugtraq: Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 03:20
Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key
Categories: Security News

CVE-2018-6484

National Vulnerability Database - Thu, 02/01/2018 - 00:29
In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
Categories: Security News

Vuln: Kaspersky Secure Mail Gateway Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 00:00
Kaspersky Secure Mail Gateway Multiple Security Vulnerabilities
Categories: Security News

Vuln: CODESYS Web Server CVE-2018-5440 Stack Based Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 00:00
CODESYS Web Server CVE-2018-5440 Stack Based Buffer Overflow Vulnerability
Categories: Security News

Vuln: Fuji Electric V-Server VPR CVE-2018-5442 Stack Based Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 00:00
Fuji Electric V-Server VPR CVE-2018-5442 Stack Based Buffer Overflow Vulnerability
Categories: Security News

Vuln: Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 00:00
Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
Categories: Security News

Vuln: IBM Cognos Analytics CVE-2017-1783 Local Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 00:00
IBM Cognos Analytics CVE-2017-1783 Local Security Bypass Vulnerability
Categories: Security News

CVE-2017-1000408

National Vulnerability Database - Wed, 01/31/2018 - 23:29
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Categories: Security News

CVE-2017-1000409

National Vulnerability Database - Wed, 01/31/2018 - 23:29
A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Categories: Security News

CVE-2017-16861

National Vulnerability Database - Wed, 01/31/2018 - 23:29
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.
Categories: Security News

CVE-2017-16911

National Vulnerability Database - Wed, 01/31/2018 - 17:29
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.
Categories: Security News

CVE-2017-16912

National Vulnerability Database - Wed, 01/31/2018 - 17:29
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
Categories: Security News

CVE-2017-16913

National Vulnerability Database - Wed, 01/31/2018 - 17:29
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.
Categories: Security News

Pages