News aggregator

CVE-2018-6434

National Vulnerability Database - Thu, 11/08/2018 - 09:29
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.
Categories: Security News

CVE-2018-6435

National Vulnerability Database - Thu, 11/08/2018 - 09:29
A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access.
Categories: Security News

CVE-2018-6441

National Vulnerability Database - Thu, 11/08/2018 - 09:29
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell.
Categories: Security News

CVE-2018-6442

National Vulnerability Database - Thu, 11/08/2018 - 09:29
A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.
Categories: Security News

CVE-2018-19104

National Vulnerability Database - Thu, 11/08/2018 - 03:29
In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.
Categories: Security News

CVE-2018-19105

National Vulnerability Database - Thu, 11/08/2018 - 03:29
LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file.
Categories: Security News

CVE-2018-19107

National Vulnerability Database - Thu, 11/08/2018 - 03:29
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
Categories: Security News

CVE-2018-19108

National Vulnerability Database - Thu, 11/08/2018 - 03:29
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
Categories: Security News

CVE-2018-19109

National Vulnerability Database - Thu, 11/08/2018 - 03:29
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column.
Categories: Security News

CVE-2018-19110

National Vulnerability Database - Thu, 11/08/2018 - 03:29
The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check.
Categories: Security News

CVE-2018-19111

National Vulnerability Database - Thu, 11/08/2018 - 03:29
The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS.
Categories: Security News

Vuln: Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/08/2018 - 00:00
Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
Categories: Security News

Vuln: Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/08/2018 - 00:00
Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
Categories: Security News

Vuln: Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/08/2018 - 00:00
Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
Categories: Security News

Vuln: Apache Tomcat Native Connector CVE-2018-8019 Remote Security Vulnerability

SecurityFocus Vulnerabilities - Thu, 11/08/2018 - 00:00
Apache Tomcat Native Connector CVE-2018-8019 Remote Security Vulnerability
Categories: Security News

CVE-2018-16149

National Vulnerability Database - Wed, 11/07/2018 - 15:29
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier.
Categories: Security News

CVE-2018-16150

National Vulnerability Database - Wed, 11/07/2018 - 15:29
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is a variant of CVE-2006-4340.
Categories: Security News

CVE-2018-16253

National Vulnerability Database - Wed, 11/07/2018 - 15:29
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is an even more permissive variant of CVE-2006-4790 and CVE-2014-1568.
Categories: Security News

CVE-2018-19089

National Vulnerability Database - Wed, 11/07/2018 - 14:29
tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp.
Categories: Security News

CVE-2018-19090

National Vulnerability Database - Wed, 11/07/2018 - 14:29
tianti 2.3 has stored XSS in the article management module via an article title.
Categories: Security News

Pages