News aggregator

CVE-2017-5660

National Vulnerability Database - Tue, 02/27/2018 - 15:29
There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior in the handling of the Host header and line folding. This can cause problems when interacting with upstream proxies, resulting in the wrong host being used.
Categories: Security News

CVE-2017-7671

National Vulnerability Database - Tue, 02/27/2018 - 15:29
There is a DoS vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 in the TLS handshake. This issue can cause the server to coredump.

CVE-2012-3536

National Vulnerability Database - Tue, 02/27/2018 - 14:29
Two XSS vulnerabilities were fixed in the message list and message view of the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a Hupa user that would trigger an XSS when the email was opened or when a list of messages was viewed. This issue was addressed in Hupa 0.0.3.

CVE-2018-6481

National Vulnerability Database - Tue, 02/27/2018 - 14:29
A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124.

CVE-2018-6532

National Vulnerability Database - Tue, 02/27/2018 - 14:29
An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.

CVE-2018-6533

National Vulnerability Database - Tue, 02/27/2018 - 14:29
An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root.

CVE-2018-6534

National Vulnerability Database - Tue, 02/27/2018 - 14:29
An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.

CVE-2018-6535

National Vulnerability Database - Tue, 02/27/2018 - 14:29
An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.

CVE-2018-7540

National Vulnerability Database - Tue, 02/27/2018 - 14:29
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.

CVE-2018-7541

National Vulnerability Database - Tue, 02/27/2018 - 14:29
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.

CVE-2018-7542

National Vulnerability Database - Tue, 02/27/2018 - 14:29
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC.

CVE-2018-1372

National Vulnerability Database - Tue, 02/27/2018 - 12:29
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772.

CVE-2018-1399

National Vulnerability Database - Tue, 02/27/2018 - 12:29
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138435.

CVE-2018-1416

National Vulnerability Database - Tue, 02/27/2018 - 12:29
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822.

CVE-2018-1425

National Vulnerability Database - Tue, 02/27/2018 - 12:29
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003.

CVE-2017-15692

National Vulnerability Database - Tue, 02/27/2018 - 10:29
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.

CVE-2017-15693

National Vulnerability Database - Tue, 02/27/2018 - 10:29
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath.

CVE-2017-16767

National Vulnerability Database - Tue, 02/27/2018 - 10:29
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter.

CVE-2017-16770

National Vulnerability Database - Tue, 02/27/2018 - 10:29
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other users' sensitive files via the filename parameter.

CVE-2017-17478

National Vulnerability Database - Tue, 02/27/2018 - 10:29
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages.