News aggregator

CVE-2018-17976

National Vulnerability Database - Tue, 12/04/2018 - 18:29
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions.
Categories: Security News

CVE-2018-18640

National Vulnerability Database - Tue, 12/04/2018 - 18:29
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.
Categories: Security News

CVE-2018-18641

National Vulnerability Database - Tue, 12/04/2018 - 18:29
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.
Categories: Security News

CVE-2018-18642

National Vulnerability Database - Tue, 12/04/2018 - 18:29
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS.
Categories: Security News

CVE-2018-18644

National Vulnerability Database - Tue, 12/04/2018 - 18:29
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.
Categories: Security News

CVE-2018-18645

National Vulnerability Database - Tue, 12/04/2018 - 18:29
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.
Categories: Security News

CVE-2018-18646

National Vulnerability Database - Tue, 12/04/2018 - 18:29
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF.
Categories: Security News

CVE-2018-18647

National Vulnerability Database - Tue, 12/04/2018 - 18:29
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization.
Categories: Security News

CVE-2018-18648

National Vulnerability Database - Tue, 12/04/2018 - 18:29
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message.
Categories: Security News

CVE-2018-18843

National Vulnerability Database - Tue, 12/04/2018 - 18:29
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.
Categories: Security News

CVE-2018-18989

National Vulnerability Database - Tue, 12/04/2018 - 17:29
In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
Categories: Security News

CVE-2018-18993

National Vulnerability Database - Tue, 12/04/2018 - 17:29
Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application.
Categories: Security News

CVE-2018-17160

National Vulnerability Database - Tue, 12/04/2018 - 16:29
In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.
Categories: Security News

CVE-2018-18991

National Vulnerability Database - Tue, 12/04/2018 - 16:29
Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser.
Categories: Security News

CVE-2018-5496

National Vulnerability Database - Tue, 12/04/2018 - 15:29
Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
Categories: Security News

CVE-2018-0468

National Vulnerability Database - Tue, 12/04/2018 - 13:29
A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default access credentials. An attacker could exploit this vulnerability by logging in to the machine where CEMS is installed and establishing a local connection to the database. The fix for this vulnerability randomizes the database access password in new installations; however, the fix will not change the password for existing installations. Users are required to manually change the password, as documented in the Workarounds section of this advisory. There are workarounds that address this vulnerability.
Categories: Security News

CVE-2018-7956

National Vulnerability Database - Tue, 12/04/2018 - 13:29
Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. There is a vulnerability in versions before 4.0.5 that attackers can conduct bruteforce to the VIP App Web Services to get user information.
Categories: Security News

CVE-2018-7987

National Vulnerability Database - Tue, 12/04/2018 - 13:29
There is an out-of-bounds write vulnerability on Huawei P20 smartphones with versions before 8.1.0.171(C00). The software does not handle the response message properly when the user doing certain inquiry operation, an attacker could send crafted message to the device, successful exploit could cause a denial of service condition.
Categories: Security News

CVE-2018-6152

National Vulnerability Database - Tue, 12/04/2018 - 12:29
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.106 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
Categories: Security News

CVE-2018-6086

National Vulnerability Database - Tue, 12/04/2018 - 12:29
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Categories: Security News

Pages