News aggregator

Vuln: Intel Data Center Manager SDK CVE-2019-0103 Local Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/21/2019 - 00:00
Intel Data Center Manager SDK CVE-2019-0103 Local Information Disclosure Vulnerability
Categories: Security News

CVE-2013-7469

National Vulnerability Database - Wed, 02/20/2019 - 22:29
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
Categories: Security News

CVE-2018-20146

National Vulnerability Database - Wed, 02/20/2019 - 22:29
An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.
Categories: Security News

CVE-2019-5727

National Vulnerability Database - Wed, 02/20/2019 - 20:29
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.
Categories: Security News

CVE-2018-15380

National Vulnerability Database - Wed, 02/20/2019 - 18:29
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).
Categories: Security News

CVE-2019-3474

National Vulnerability Database - Wed, 02/20/2019 - 17:29
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
Categories: Security News

CVE-2019-3475

National Vulnerability Database - Wed, 02/20/2019 - 17:29
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
Categories: Security News

CVE-2019-1003024

National Vulnerability Database - Wed, 02/20/2019 - 16:29
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
Categories: Security News

CVE-2019-1003025

National Vulnerability Database - Wed, 02/20/2019 - 16:29
A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Categories: Security News

CVE-2019-1003026

National Vulnerability Database - Wed, 02/20/2019 - 16:29
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.
Categories: Security News

CVE-2019-1003027

National Vulnerability Database - Wed, 02/20/2019 - 16:29
A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise.
Categories: Security News

CVE-2019-1003028

National Vulnerability Database - Wed, 02/20/2019 - 16:29
A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint.
Categories: Security News

CVE-2019-3924

National Vulnerability Database - Wed, 02/20/2019 - 15:29
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.
Categories: Security News

CVE-2018-5817

National Vulnerability Database - Wed, 02/20/2019 - 13:29
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
Categories: Security News

CVE-2018-5818

National Vulnerability Database - Wed, 02/20/2019 - 13:29
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
Categories: Security News

CVE-2018-5819

National Vulnerability Database - Wed, 02/20/2019 - 13:29
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
Categories: Security News

CVE-2018-20030

National Vulnerability Database - Wed, 02/20/2019 - 12:29
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
Categories: Security News

CVE-2019-8954

National Vulnerability Database - Wed, 02/20/2019 - 12:29
In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI.
Categories: Security News

CVE-2019-8331 (bootstrap)

National Vulnerability Database - Wed, 02/20/2019 - 11:29
In Bootstrap before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Categories: Security News

CVE-2019-8953

National Vulnerability Database - Wed, 02/20/2019 - 11:29
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
Categories: Security News

Pages