News aggregator

CVE-2017-1000240

National Vulnerability Database - Thu, 11/16/2017 - 22:29
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML.
Categories: Security News

CVE-2017-1000241

National Vulnerability Database - Thu, 11/16/2017 - 22:29
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by a vertical privilege escalation vulnerability. This vulnerability can allow authenticated non-administrator users to view and modify information only accessible to administrators.
Categories: Security News

CVE-2017-1000201

National Vulnerability Database - Thu, 11/16/2017 - 21:29
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack.
Categories: Security News

CVE-2017-1000208

National Vulnerability Database - Thu, 11/16/2017 - 21:29
A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This, in particular, affects the 'generate' and 'validate' commands in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.
Categories: Security News

CVE-2017-1000209

National Vulnerability Database - Thu, 11/16/2017 - 21:29
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate.
Categories: Security News

CVE-2017-1000193

National Vulnerability Database - Thu, 11/16/2017 - 21:29
October CMS build 412 is vulnerable to stored WCI (a.k.a. XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.
Categories: Security News

CVE-2017-1000194

National Vulnerability Database - Thu, 11/16/2017 - 21:29
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.
Categories: Security News

CVE-2017-1000195

National Vulnerability Database - Thu, 11/16/2017 - 21:29
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in the ability to delete files limited by file permissions on the server.
Categories: Security News

CVE-2017-1000196

National Vulnerability Database - Thu, 11/16/2017 - 21:29
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.
Categories: Security News

CVE-2017-1000197

National Vulnerability Database - Thu, 11/16/2017 - 21:29
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating malicious files on the server.
Categories: Security News

CVE-2017-1000198

National Vulnerability Database - Thu, 11/16/2017 - 21:29
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service.
Categories: Security News

CVE-2017-1000199

National Vulnerability Database - Thu, 11/16/2017 - 21:29
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.
Categories: Security News

CVE-2017-1000200

National Vulnerability Database - Thu, 11/16/2017 - 21:29
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service.
Categories: Security News

CVE-2017-1000174

National Vulnerability Database - Thu, 11/16/2017 - 20:29
In SWFTools, an address access exception was found in swfdump swf_GetBits().
Categories: Security News

CVE-2017-1000176

National Vulnerability Database - Thu, 11/16/2017 - 20:29
In SWFTools, a memcpy buffer overflow was found in swfc.
Categories: Security News

CVE-2017-1000182

National Vulnerability Database - Thu, 11/16/2017 - 20:29
In SWFTools, a memory leak was found in wav2swf.
Categories: Security News

CVE-2017-1000185

National Vulnerability Database - Thu, 11/16/2017 - 20:29
In SWFTools, a memcpy buffer overflow was found in gif2swf.
Categories: Security News

CVE-2017-1000186

National Vulnerability Database - Thu, 11/16/2017 - 20:29
In SWFTools, a stack overflow was found in pdf2swf.
Categories: Security News

CVE-2017-1000187

National Vulnerability Database - Thu, 11/16/2017 - 20:29
In SWFTools, an address access exception was found in pdf2swf, in FoFiTrueType::writeTTF().
Categories: Security News

CVE-2017-1000210

National Vulnerability Database - Thu, 11/16/2017 - 20:29
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to a stack buffer overflow resulting in code execution or a denial of service attack.
Categories: Security News
