Security News

CVE-2017-1779

National Vulnerability Database - Mon, 01/29/2018 - 11:29
IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.
Categories: Security News

CVE-2017-1783

National Vulnerability Database - Mon, 01/29/2018 - 11:29
IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.

CVE-2017-1784

National Vulnerability Database - Mon, 01/29/2018 - 11:29
IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858.

CVE-2017-4947

National Vulnerability Database - Mon, 01/29/2018 - 11:29
VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.

CVE-2017-4951

National Vulnerability Database - Mon, 01/29/2018 - 11:29
VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.

CVE-2018-1364

National Vulnerability Database - Mon, 01/29/2018 - 11:29
IBM Content Navigator 2.0 and 3.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449.

CVE-2017-18078

National Vulnerability Database - Mon, 01/29/2018 - 00:29
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.

CVE-2017-18079

National Vulnerability Database - Mon, 01/29/2018 - 00:29
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.

CVE-2018-5720

National Vulnerability Database - Mon, 01/29/2018 - 00:29
An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead to changing an existing user's username and password, changing the Wi-Fi password, etc.

CVE-2018-6007

National Vulnerability Database - Mon, 01/29/2018 - 00:29
CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket.

CVE-2018-6008

National Vulnerability Database - Mon, 01/29/2018 - 00:29
Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.

CVE-2018-6363

National Vulnerability Database - Mon, 01/29/2018 - 00:29
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.

CVE-2018-6364

National Vulnerability Database - Mon, 01/29/2018 - 00:29
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.

CVE-2018-6365

National Vulnerability Database - Mon, 01/29/2018 - 00:29
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.

CVE-2018-6367

National Vulnerability Database - Mon, 01/29/2018 - 00:29
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.

Vuln: RETIRED: Jenkins CVE-2017-1000392 HTML Injection Vulnerability

SecurityFocus Vulnerabilities - Mon, 01/29/2018 - 00:00
RETIRED: Jenkins CVE-2017-1000392 HTML Injection Vulnerability

Vuln: Jenkins Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Mon, 01/29/2018 - 00:00
Jenkins Multiple Security Vulnerabilities

Vuln: Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Mon, 01/29/2018 - 00:00
Jenkins Global Build Stats Plugin Multiple Security Vulnerabilities

CVE-2018-6360

National Vulnerability Database - Sat, 01/27/2018 - 21:29
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL.

CVE-2018-6358

National Vulnerability Database - Sat, 01/27/2018 - 16:29
The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file.
