News aggregator

CVE-2018-11118

National Vulnerability Database - Thu, 05/17/2018 - 09:29
The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.
Categories: Security News

CVE-2018-11119

National Vulnerability Database - Thu, 05/17/2018 - 09:29
ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.
Categories: Security News

CVE-2018-11120

National Vulnerability Database - Thu, 05/17/2018 - 09:29
Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS.
Categories: Security News

Bugtraq: [slackware-security] php (SSA:2018-136-02)

SecurityFocus Vulnerabilities - Thu, 05/17/2018 - 09:20
[slackware-security] php (SSA:2018-136-02)
Categories: Security News

Bugtraq: [slackware-security] curl (SSA:2018-136-01)

SecurityFocus Vulnerabilities - Thu, 05/17/2018 - 09:20
[slackware-security] curl (SSA:2018-136-01)
Categories: Security News

Bugtraq: [SECURITY] [DSA 4202-1] curl security update

SecurityFocus Vulnerabilities - Thu, 05/17/2018 - 09:20
[SECURITY] [DSA 4202-1] curl security update
Categories: Security News

Bugtraq: CVE-2018-11101: Signal-desktop HTML tag injection variant 2

SecurityFocus Vulnerabilities - Thu, 05/17/2018 - 09:20
CVE-2018-11101: Signal-desktop HTML tag injection variant 2
Categories: Security News

CVE-2018-10027

National Vulnerability Database - Thu, 05/17/2018 - 08:29
ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.
Categories: Security News

CVE-2018-11230

National Vulnerability Database - Thu, 05/17/2018 - 08:29
jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file.
Categories: Security News

CVE-2018-11224

National Vulnerability Database - Thu, 05/17/2018 - 00:29
An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in libavcodec/aacsbr.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.
Categories: Security News

CVE-2018-11225

National Vulnerability Database - Thu, 05/17/2018 - 00:29
The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-11226

National Vulnerability Database - Thu, 05/17/2018 - 00:29
The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
Categories: Security News

Vuln: PHP CVE-2018-10545 Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Thu, 05/17/2018 - 00:00
PHP CVE-2018-10545 Security Bypass Vulnerability
Categories: Security News

Vuln: PHP Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 05/17/2018 - 00:00
PHP Multiple Security Vulnerabilities
Categories: Security News

Vuln: Xen CVE-2018-10981 Local Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Thu, 05/17/2018 - 00:00
Xen CVE-2018-10981 Local Denial of Service Vulnerability
Categories: Security News

CVE-2018-0222

National Vulnerability Database - Wed, 05/16/2018 - 23:29
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands with root privileges. This vulnerability affects all releases of Cisco DNA Center Software prior to Release 1.1.3. Cisco Bug IDs: CSCvh98929.
Categories: Security News

CVE-2018-0268

National Vulnerability Database - Wed, 05/16/2018 - 23:29
A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers. This vulnerability affects Cisco DNA Center Software Releases 1.1.3 and prior. Cisco Bug IDs: CSCvi47253.
Categories: Security News

CVE-2018-0270

National Vulnerability Database - Wed, 05/16/2018 - 23:29
A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could create a new, privileged account to obtain full control over the device interface. This vulnerability affects Connected Grid Network Management System, if running a software release prior to IoT-FND Release 3.0; and IoT Field Network Director, if running a software release prior to IoT-FND Release 4.1.1-6 or 4.2.0-123. Cisco Bug IDs: CSCvi02448.
Categories: Security News

CVE-2018-0271

National Vulnerability Database - Wed, 05/16/2018 - 23:29
A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center. This vulnerability affects Cisco DNA Center Software Releases prior to 1.1.2. Cisco Bug IDs: CSCvi09394.
Categories: Security News

CVE-2018-0277

National Vulnerability Database - Wed, 05/16/2018 - 23:29
A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incomplete input validation of the client EAP-TLS certificate. An attacker could exploit this vulnerability by initiating EAP authentication over TLS to the ISE with a crafted EAP-TLS certificate. A successful exploit could allow the attacker to restart the ISE application server, resulting in a DoS condition on the affected system. The ISE application could continue to restart while the client attempts to establish the EAP authentication connection. If an attacker attempted to import the same EAP-TLS certificate to the ISE trust store, it could trigger a DoS condition on the affected system. This exploit vector would require the attacker to have valid administrator credentials. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance. Cisco Bug IDs: CSCve31857.
Categories: Security News

Pages