News aggregator

CVE-2017-6275

National Vulnerability Database - Tue, 11/14/2017 - 11:29
An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275.
Categories: Security News

Vuln: Linux Kernel 'drivers/media/dvb-core/dvb_frontend.c' Local Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Tue, 11/14/2017 - 00:00
Linux Kernel 'drivers/media/dvb-core/dvb_frontend.c' Local Denial of Service Vulnerability
Categories: Security News

Vuln: PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Tue, 11/14/2017 - 00:00
PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
Categories: Security News

CVE-2017-16810

National Vulnerability Database - Mon, 11/13/2017 - 22:29
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter.
Categories: Security News

CVE-2017-1221

National Vulnerability Database - Mon, 11/13/2017 - 18:29
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861.
Categories: Security News

CVE-2017-1229

National Vulnerability Database - Mon, 11/13/2017 - 18:29
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123908.
Categories: Security News

CVE-2017-1453

National Vulnerability Database - Mon, 11/13/2017 - 18:29
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372.
Categories: Security News

CVE-2017-1477

National Vulnerability Database - Mon, 11/13/2017 - 18:29
IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612.
Categories: Security News

CVE-2017-1710

National Vulnerability Database - Mon, 11/13/2017 - 18:29
A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.
Categories: Security News

CVE-2016-8610

National Vulnerability Database - Mon, 11/13/2017 - 17:29
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Categories: Security News

CVE-2017-15525

National Vulnerability Database - Mon, 11/13/2017 - 17:29
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
Categories: Security News

CVE-2017-15526

National Vulnerability Database - Mon, 11/13/2017 - 17:29
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario.
Categories: Security News

CVE-2017-16805

National Vulnerability Database - Mon, 11/13/2017 - 16:29
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.
Categories: Security News

CVE-2017-16806

National Vulnerability Database - Mon, 11/13/2017 - 16:29
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
Categories: Security News

CVE-2017-16807

National Vulnerability Database - Mon, 11/13/2017 - 16:29
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
Categories: Security News

CVE-2017-16808

National Vulnerability Database - Mon, 11/13/2017 - 16:29
tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.
Categories: Security News

CVE-2017-14020

National Vulnerability Database - Mon, 11/13/2017 - 15:29
An Uncontrolled Search Path Element issue was discovered in AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) versions 2.10 and prior, C-More Programming Software (Part Number EA9-PGMSW) versions 6.30 and prior, C-More Micro (Part Number EA-PGMSW) versions 4.20.01.0 and prior, GS Drives Configuration Software (Part Number GSOFT) versions 4.0.6 and prior, and SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) versions 1.1.0.5 and prior. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. Once loaded by the application, the DLL could run malicious code at the privilege level of the application.
Categories: Security News

CVE-2017-14024

National Vulnerability Database - Mon, 11/13/2017 - 15:29
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges.
Categories: Security News

CVE-2017-16804

National Vulnerability Database - Mon, 11/13/2017 - 15:29
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.
Categories: Security News

CVE-2017-0889

National Vulnerability Database - Mon, 11/13/2017 - 12:29
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
Categories: Security News

Pages