News aggregator

CVE-2018-19228

National Vulnerability Database - Mon, 11/12/2018 - 15:29
An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation.
Categories: Security News

CVE-2018-19229

National Vulnerability Database - Mon, 11/12/2018 - 15:29
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter.
Categories: Security News

CVE-2018-19208

National Vulnerability Database - Mon, 11/12/2018 - 14:29
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.
Categories: Security News

CVE-2018-19209

National Vulnerability Database - Mon, 11/12/2018 - 14:29
Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.
Categories: Security News

CVE-2018-19210

National Vulnerability Database - Mon, 11/12/2018 - 14:29
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
Categories: Security News

CVE-2018-19211

National Vulnerability Database - Mon, 11/12/2018 - 14:29
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack.
Categories: Security News

CVE-2018-19212

National Vulnerability Database - Mon, 11/12/2018 - 14:29
In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack.
Categories: Security News

CVE-2018-19213

National Vulnerability Database - Mon, 11/12/2018 - 14:29
Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.
Categories: Security News

CVE-2018-19214

National Vulnerability Database - Mon, 11/12/2018 - 14:29
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
Categories: Security News

CVE-2018-19215

National Vulnerability Database - Mon, 11/12/2018 - 14:29
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.
Categories: Security News

CVE-2018-19216

National Vulnerability Database - Mon, 11/12/2018 - 14:29
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
Categories: Security News

CVE-2018-19217

National Vulnerability Database - Mon, 11/12/2018 - 14:29
In ncurses 6.1, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack.
Categories: Security News

CVE-2018-19218

National Vulnerability Database - Mon, 11/12/2018 - 14:29
In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack.
Categories: Security News

CVE-2018-19219

National Vulnerability Database - Mon, 11/12/2018 - 14:29
In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack.
Categories: Security News

CVE-2018-19205

National Vulnerability Database - Mon, 11/12/2018 - 12:29
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
Categories: Security News

CVE-2018-19206

National Vulnerability Database - Mon, 11/12/2018 - 12:29
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.
Categories: Security News

CVE-2018-19207

National Vulnerability Database - Mon, 11/12/2018 - 12:29
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.
Categories: Security News

CVE-2018-1786

National Vulnerability Database - Mon, 11/12/2018 - 11:29
IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.
Categories: Security News

CVE-2018-1798

National Vulnerability Database - Mon, 11/12/2018 - 11:29
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149428.
Categories: Security News

CVE-2018-1884

National Vulnerability Database - Mon, 11/12/2018 - 11:29
IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.
Categories: Security News
