News aggregator

CVE-2017-6927

National Vulnerability Database - Thu, 03/01/2018 - 18:29
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 have a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.
Categories: Security News

CVE-2017-6928

National Vulnerability Database - Thu, 03/01/2018 - 18:29
In Drupal core 7.x versions before 7.57, when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.
Categories: Security News

CVE-2017-6929

National Vulnerability Database - Thu, 03/01/2018 - 18:29
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.
Categories: Security News

CVE-2017-6930

National Vulnerability Database - Thu, 03/01/2018 - 18:29
In Drupal 8.4.x versions before 8.4.5, when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implements hook_node_access_records().
Categories: Security News

CVE-2017-6931

National Vulnerability Database - Thu, 03/01/2018 - 18:29
In Drupal 8.4.x versions before 8.4.5, the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. This release fixes the only two implementations in core, but does not harden against other such bypasses. This vulnerability can be mitigated by disabling the Settings Tray module.
Categories: Security News

CVE-2017-6932

National Vulnerability Database - Thu, 03/01/2018 - 18:29
Drupal core 7.x versions before 7.57 have an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
Categories: Security News

CVE-2018-7634

National Vulnerability Database - Thu, 03/01/2018 - 18:29
An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible for attackers to abuse the functionality. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover.
Categories: Security News

CVE-2017-15134

National Vulnerability Database - Thu, 03/01/2018 - 17:29
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
Categories: Security News

CVE-2017-18212

National Vulnerability Database - Thu, 03/01/2018 - 17:29
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload.
Categories: Security News

CVE-2018-7586

National Vulnerability Database - Thu, 03/01/2018 - 17:29
In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.
Categories: Security News

CVE-2018-7587

National Vulnerability Database - Thu, 03/01/2018 - 17:29
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
Categories: Security News

CVE-2018-7588

National Vulnerability Database - Thu, 03/01/2018 - 17:29
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
Categories: Security News

CVE-2018-7589

National Vulnerability Database - Thu, 03/01/2018 - 17:29
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.
Categories: Security News

CVE-2018-7590

National Vulnerability Database - Thu, 03/01/2018 - 17:29
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.
Categories: Security News

CVE-2017-18209

National Vulnerability Database - Thu, 03/01/2018 - 16:29
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
Categories: Security News

CVE-2017-18210

National Vulnerability Database - Thu, 03/01/2018 - 16:29
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
Categories: Security News

CVE-2017-18211

National Vulnerability Database - Thu, 03/01/2018 - 16:29
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
Categories: Security News

CVE-2018-7047

National Vulnerability Database - Thu, 03/01/2018 - 16:29
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).
Categories: Security News

CVE-2018-7048

National Vulnerability Database - Thu, 03/01/2018 - 16:29
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request.
Categories: Security News

CVE-2018-7049

National Vulnerability Database - Thu, 03/01/2018 - 16:29
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.
Categories: Security News
