News aggregator

CVE-2017-16883

National Vulnerability Database - Sat, 11/18/2017 - 13:29
The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file.
Categories: Security News

CVE-2017-16881

National Vulnerability Database - Sat, 11/18/2017 - 08:29
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java.
Categories: Security News

Vuln: Node.js CVE-2017-14919 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Sat, 11/18/2017 - 00:00
Categories: Security News

Vuln: Libav CVE-2017-16803 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Sat, 11/18/2017 - 00:00
Categories: Security News

Vuln: Multiple TIBCO Products CVE-2017-5533 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Sat, 11/18/2017 - 00:00
Categories: Security News

Vuln: IBM Jazz Reporting Service CVE-2017-1340 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Sat, 11/18/2017 - 00:00
Categories: Security News

CVE-2017-14077

National Vulnerability Database - Fri, 11/17/2017 - 20:29
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.
Categories: Security News

Bugtraq: [SECURITY] [DSA 4039-1] opensaml2 security update

SecurityFocus Vulnerabilities - Fri, 11/17/2017 - 20:20
Categories: Security News

Bugtraq: [security bulletin] HPESBMU03794 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities

SecurityFocus Vulnerabilities - Fri, 11/17/2017 - 20:20
Categories: Security News

Bugtraq: [security bulletin] HPESBMU03795 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities

SecurityFocus Vulnerabilities - Fri, 11/17/2017 - 20:20
Categories: Security News

Bugtraq: [SECURITY] [DSA 4037-1] jackson-databind security update

SecurityFocus Vulnerabilities - Fri, 11/17/2017 - 20:20
Categories: Security News

CVE-2017-16566

National Vulnerability Database - Fri, 11/17/2017 - 18:29
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device.
Categories: Security News

CVE-2017-1000126

National Vulnerability Database - Fri, 11/17/2017 - 17:29
Exiv2 0.26 contains a stack out-of-bounds read in the WebP parser.
Categories: Security News

CVE-2017-1000127

National Vulnerability Database - Fri, 11/17/2017 - 17:29
Exiv2 0.26 contains a heap buffer overflow in the TIFF parser.
Categories: Security News

CVE-2017-1000128

National Vulnerability Database - Fri, 11/17/2017 - 17:29
Exiv2 0.26 contains a stack out-of-bounds read in the JPEG 2000 parser.
Categories: Security News

CVE-2017-1000217

National Vulnerability Database - Fri, 11/17/2017 - 17:29
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
Categories: Security News

CVE-2017-1000221

National Vulnerability Database - Fri, 11/17/2017 - 17:29
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.
Categories: Security News

CVE-2017-1000163

National Vulnerability Database - Fri, 11/17/2017 - 16:29
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.
Categories: Security News

CVE-2017-1000190

National Vulnerability Database - Fri, 11/17/2017 - 16:29
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.
Categories: Security News

CVE-2017-1000227

National Vulnerability Database - Fri, 11/17/2017 - 16:29
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can.
Categories: Security News