News aggregator

CVE-2018-10622

National Vulnerability Database - Fri, 08/10/2018 - 14:29
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.
Categories: Security News

CVE-2018-10626

National Vulnerability Database - Fri, 08/10/2018 - 14:29
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product's update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.
Categories: Security News

CVE-2018-15190

National Vulnerability Database - Fri, 08/10/2018 - 13:29
PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field.
Categories: Security News

CVE-2018-15191

National Vulnerability Database - Fri, 08/10/2018 - 13:29
PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field.
Categories: Security News

CVE-2018-11492

National Vulnerability Database - Fri, 08/10/2018 - 12:29
ASUS HG100 devices allow denial of service via an IPv4 packet flood.
Categories: Security News

CVE-2018-14028

National Vulnerability Database - Fri, 08/10/2018 - 12:29
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins.
Categories: Security News

CVE-2018-14503

National Vulnerability Database - Fri, 08/10/2018 - 12:29
Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
Categories: Security News

CVE-2018-14837

National Vulnerability Database - Fri, 08/10/2018 - 12:29
Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI.
Categories: Security News

CVE-2018-7754

National Vulnerability Database - Fri, 08/10/2018 - 12:29
The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.
Categories: Security News

CVE-2018-15189

National Vulnerability Database - Fri, 08/10/2018 - 11:29
PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile.
Categories: Security News

CVE-2018-6553

National Vulnerability Database - Fri, 08/10/2018 - 11:29
The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.
Categories: Security News

CVE-2018-6556

National Vulnerability Database - Fri, 08/10/2018 - 11:29
lxc-user-nic, when asked to delete a network interface, will unconditionally open a user-provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
Categories: Security News

CVE-2018-10769

National Vulnerability Database - Fri, 08/10/2018 - 11:29
The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).
Categories: Security News

CVE-2018-13390

National Vulnerability Database - Fri, 08/10/2018 - 11:29
Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles.
Categories: Security News

CVE-2018-15185

National Vulnerability Database - Fri, 08/10/2018 - 11:29
PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote attackers to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the "Current Position" field.
Categories: Security News

CVE-2018-15186

National Vulnerability Database - Fri, 08/10/2018 - 11:29
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php.
Categories: Security News

CVE-2018-15187

National Vulnerability Database - Fri, 08/10/2018 - 11:29
PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.
Categories: Security News

CVE-2018-15188

National Vulnerability Database - Fri, 08/10/2018 - 11:29
PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.
Categories: Security News

Vuln: Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Fri, 08/10/2018 - 00:00
Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
Categories: Security News

Vuln: VMware vCenter Server CVE-2015-1047 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Fri, 08/10/2018 - 00:00
VMware vCenter Server CVE-2015-1047 Denial of Service Vulnerability
Categories: Security News
