News aggregator

CVE-2019-11503

National Vulnerability Database - Wed, 04/24/2019 - 17:29
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."
Categories: Security News

CVE-2019-11504

National Vulnerability Database - Wed, 04/24/2019 - 17:29
Zotonic before version 0.47 has mod_admin XSS.
Categories: Security News

CVE-2019-11505

National Vulnerability Database - Wed, 04/24/2019 - 17:29
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.
Categories: Security News

CVE-2019-11217

National Vulnerability Database - Wed, 04/24/2019 - 16:29
The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request.
Categories: Security News

CVE-2019-11218

National Vulnerability Database - Wed, 04/24/2019 - 16:29
Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions.
Categories: Security News

CVE-2019-10008

National Vulnerability Database - Wed, 04/24/2019 - 15:29
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.
Categories: Security News

CVE-2019-9950

National Vulnerability Database - Wed, 04/24/2019 - 14:29
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The login_mgr.cgi file checks credentials against /etc/shadow. However, the "nobody" account (which can be used to access the control panel API as a low-privilege logged-in user) has a default empty password, allowing an attacker to modify the My Cloud EX2 Ultra web page source code and obtain access to the My Cloud as a non-Admin My Cloud device user.
Categories: Security News

CVE-2019-9951

National Vulnerability Database - Wed, 04/24/2019 - 14:29
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on the attached storage.
Categories: Security News

CVE-2018-10055

National Vulnerability Database - Wed, 04/24/2019 - 13:29
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.
Categories: Security News

CVE-2018-7577

National Vulnerability Database - Wed, 04/24/2019 - 13:29
Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.
Categories: Security News

CVE-2019-10691

National Vulnerability Database - Wed, 04/24/2019 - 13:29
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
Categories: Security News

CVE-2019-9635

National Vulnerability Database - Wed, 04/24/2019 - 13:29
NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.
Categories: Security News

CVE-2019-3789

National Vulnerability Database - Wed, 04/24/2019 - 12:29
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route.
Categories: Security News

CVE-2019-3793

National Vulnerability Database - Wed, 04/24/2019 - 12:29
Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests.
Categories: Security News

CVE-2019-3868

National Vulnerability Database - Wed, 04/24/2019 - 12:29
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user?s browser session.
Categories: Security News

CVE-2019-3882

National Vulnerability Database - Wed, 04/24/2019 - 12:29
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
Categories: Security News

CVE-2019-3786

National Vulnerability Database - Wed, 04/24/2019 - 12:29
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable.
Categories: Security News

CVE-2019-7213

National Vulnerability Database - Wed, 04/24/2019 - 11:29
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.
Categories: Security News

CVE-2019-7214

National Vulnerability Database - Wed, 04/24/2019 - 11:29
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
Categories: Security News

CVE-2019-9734

National Vulnerability Database - Wed, 04/24/2019 - 11:29
aquaverde Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file because of incorrect if/else usage in the Log-File writer component.
Categories: Security News

Pages