Security News

CVE-2018-6484

National Vulnerability Database - Thu, 02/01/2018 - 00:29
In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
Categories: Security News

Vuln: Kaspersky Secure Mail Gateway Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 00:00
Kaspersky Secure Mail Gateway Multiple Security Vulnerabilities
Categories: Security News

Vuln: CODESYS Web Server CVE-2018-5440 Stack Based Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 00:00
CODESYS Web Server CVE-2018-5440 Stack Based Buffer Overflow Vulnerability
Categories: Security News

Vuln: Fuji Electric V-Server VPR CVE-2018-5442 Stack Based Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 00:00
Fuji Electric V-Server VPR CVE-2018-5442 Stack Based Buffer Overflow Vulnerability
Categories: Security News

Vuln: Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 00:00
Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
Categories: Security News

Vuln: IBM Cognos Analytics CVE-2017-1783 Local Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/01/2018 - 00:00
IBM Cognos Analytics CVE-2017-1783 Local Security Bypass Vulnerability
Categories: Security News

CVE-2017-1000408

National Vulnerability Database - Wed, 01/31/2018 - 23:29
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Categories: Security News

CVE-2017-1000409

National Vulnerability Database - Wed, 01/31/2018 - 23:29
A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Categories: Security News

CVE-2017-16861

National Vulnerability Database - Wed, 01/31/2018 - 23:29
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.
Categories: Security News

CVE-2017-16911

National Vulnerability Database - Wed, 01/31/2018 - 17:29
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.
Categories: Security News

CVE-2017-16912

National Vulnerability Database - Wed, 01/31/2018 - 17:29
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
Categories: Security News

CVE-2017-16913

National Vulnerability Database - Wed, 01/31/2018 - 17:29
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.
Categories: Security News

CVE-2017-16914

National Vulnerability Database - Wed, 01/31/2018 - 17:29
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.
Categories: Security News

CVE-2018-6374

National Vulnerability Database - Wed, 01/31/2018 - 16:29
The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.
Categories: Security News

CVE-2017-15653

National Vulnerability Database - Wed, 01/31/2018 - 15:29
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.
Categories: Security News

CVE-2017-15654

National Vulnerability Database - Wed, 01/31/2018 - 15:29
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
Categories: Security News

CVE-2017-15655

National Vulnerability Database - Wed, 01/31/2018 - 15:29
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages.
Categories: Security News

CVE-2017-15656

National Vulnerability Database - Wed, 01/31/2018 - 15:29
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
Categories: Security News

CVE-2017-16928

National Vulnerability Database - Wed, 01/31/2018 - 15:29
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.
Categories: Security News

CVE-2017-16945

National Vulnerability Database - Wed, 01/31/2018 - 15:29
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.
Categories: Security News

Pages