News aggregator

CVE-2018-11469

National Vulnerability Database - Fri, 05/25/2018 - 10:29
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.
Categories: Security News

CVE-2018-11470

National Vulnerability Database - Fri, 05/25/2018 - 10:29
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
Categories: Security News

CVE-2018-1449

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044.
Categories: Security News

CVE-2018-1450

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045.
Categories: Security News

CVE-2018-1451

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046.
Categories: Security News

CVE-2018-1452

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047.
Categories: Security News

CVE-2018-1459

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow an attacker to execute arbitrary code. IBM X-Force ID: 140210.
Categories: Security News

CVE-2018-1467

National Vulnerability Database - Fri, 05/25/2018 - 10:29
The IBM Storwize V7000 Unified management Web interface 1.6 exposes internal cluster details to unauthenticated users. IBM X-Force ID: 140398.
Categories: Security News

CVE-2018-1488

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973.
Categories: Security News

CVE-2018-1515

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer, which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.
Categories: Security News

CVE-2018-1544

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer, which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.
Categories: Security News

CVE-2018-1565

National Vulnerability Database - Fri, 05/25/2018 - 10:29
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer, which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.
Categories: Security News

CVE-2017-3961

National Vulnerability Database - Fri, 05/25/2018 - 09:29
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.
Categories: Security News

CVE-2018-11468

National Vulnerability Database - Fri, 05/25/2018 - 09:29
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
Categories: Security News

CVE-2018-6664

National Vulnerability Database - Fri, 05/25/2018 - 09:29
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.
Categories: Security News

CVE-2018-6674

National Vulnerability Database - Fri, 05/25/2018 - 09:29
Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands.
Categories: Security News

CVE-2018-1133

National Vulnerability Database - Fri, 05/25/2018 - 08:29
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
Categories: Security News

CVE-2018-1134

National Vulnerability Database - Fri, 05/25/2018 - 08:29
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
Categories: Security News

CVE-2018-1135

National Vulnerability Database - Fri, 05/25/2018 - 08:29
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
Categories: Security News

CVE-2018-1136

National Vulnerability Database - Fri, 05/25/2018 - 08:29
An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
Categories: Security News
