News aggregator

CVE-2018-15443

National Vulnerability Database - Thu, 11/08/2018 - 12:29
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An attacker could exploit this vulnerability by sending a crafted TCP connection request through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.
Categories: Security News

CVE-2018-0284

National Vulnerability Database - Thu, 11/08/2018 - 11:29
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited.
Categories: Security News

CVE-2018-15381

National Vulnerability Database - Thu, 11/08/2018 - 11:29
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.
Categories: Security News

CVE-2018-11777

National Vulnerability Database - Thu, 11/08/2018 - 09:29
In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against a malicious user if Ranger, Sentry, or the SQL standard authorizer is not in use.
Categories: Security News

CVE-2018-1314

National Vulnerability Database - Thu, 11/08/2018 - 09:29
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
Categories: Security News

CVE-2018-6433

National Vulnerability Database - Thu, 11/08/2018 - 09:29
A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system.
Categories: Security News

CVE-2018-6434

National Vulnerability Database - Thu, 11/08/2018 - 09:29
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.
Categories: Security News

CVE-2018-6435

National Vulnerability Database - Thu, 11/08/2018 - 09:29
A vulnerability in the secryptocfg command of the Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and gain root access.
Categories: Security News

CVE-2018-6441

National Vulnerability Database - Thu, 11/08/2018 - 09:29
A vulnerability in the Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables and bypass the restricted configuration shell.
Categories: Security News

CVE-2018-6442

National Vulnerability Database - Thu, 11/08/2018 - 09:29
A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.
Categories: Security News

CVE-2018-19104

National Vulnerability Database - Thu, 11/08/2018 - 03:29
In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.
Categories: Security News

CVE-2018-19105

National Vulnerability Database - Thu, 11/08/2018 - 03:29
LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file.
Categories: Security News

CVE-2018-19107

National Vulnerability Database - Thu, 11/08/2018 - 03:29
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
Categories: Security News

CVE-2018-19108

National Vulnerability Database - Thu, 11/08/2018 - 03:29
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
Categories: Security News

CVE-2018-19109

National Vulnerability Database - Thu, 11/08/2018 - 03:29
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column.
Categories: Security News

CVE-2018-19110

National Vulnerability Database - Thu, 11/08/2018 - 03:29
The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check.
Categories: Security News

CVE-2018-19111

National Vulnerability Database - Thu, 11/08/2018 - 03:29
The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS.
Categories: Security News

Vuln: Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/08/2018 - 00:00
Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
Categories: Security News

Vuln: Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/08/2018 - 00:00
Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
Categories: Security News

Vuln: Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/08/2018 - 00:00
Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
Categories: Security News