News aggregator

CVE-2009-4267

National Vulnerability Database - Mon, 02/19/2018 - 11:29
The Apache jUDDI console in 3.0.0 did not escape line feeds passed in the numRows parameter. This affected log integrity allowing authenticated users to forge log records. This issue was addressed in jUDDI 3.0.1.
Categories: Security News

CVE-2016-8750

National Vulnerability Database - Mon, 02/19/2018 - 10:29
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encode usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.
Categories: Security News

CVE-2018-7225

National Vulnerability Database - Mon, 02/19/2018 - 10:29
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
Categories: Security News

CVE-2017-15712

National Vulnerability Database - Mon, 02/19/2018 - 09:29
A vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.
Categories: Security News

CVE-2017-16755

National Vulnerability Database - Mon, 02/19/2018 - 09:29
An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the "return" parameter of the "index.php?pg=moderated" endpoint. It executes when the return link is clicked.
Categories: Security News

CVE-2017-16756

National Vulnerability Database - Mon, 02/19/2018 - 09:29
An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account.
Categories: Security News

CVE-2017-18092

National Vulnerability Database - Mon, 02/19/2018 - 09:29
The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet.
Categories: Security News

CVE-2017-18093

National Vulnerability Database - Mon, 02/19/2018 - 09:29
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository.
Categories: Security News

CVE-2017-18095

National Vulnerability Database - Mon, 02/19/2018 - 09:29
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version for 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability.
Categories: Security News

CVE-2018-1409

National Vulnerability Database - Mon, 02/19/2018 - 09:29
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system: by crafting a command line sent via the shared memory IPC, the local user could trick it into executing an executable chosen by the attacker. IBM X-Force ID: 138708.
Categories: Security News

CVE-2018-1410

National Vulnerability Database - Mon, 02/19/2018 - 09:29
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system: by crafting a command line sent via the shared memory IPC, the local user could trick it into executing an executable chosen by the attacker. IBM X-Force ID: 138709.
Categories: Security News

CVE-2018-1411

National Vulnerability Database - Mon, 02/19/2018 - 09:29
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system: by crafting a command line sent via the shared memory IPC, the local user could trick it into executing an executable chosen by the attacker. IBM X-Force ID: 138710.
Categories: Security News

CVE-2018-6591

National Vulnerability Database - Mon, 02/19/2018 - 09:29
Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen.
Categories: Security News

CVE-2018-7219

National Vulnerability Database - Mon, 02/19/2018 - 09:29
application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request.
Categories: Security News

CVE-2018-5378

National Vulnerability Database - Mon, 02/19/2018 - 08:29
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
Categories: Security News

CVE-2018-5379

National Vulnerability Database - Mon, 02/19/2018 - 08:29
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
Categories: Security News

CVE-2018-5380

National Vulnerability Database - Mon, 02/19/2018 - 08:29
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
Categories: Security News

CVE-2018-5381

National Vulnerability Database - Mon, 02/19/2018 - 08:29
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
Categories: Security News

Vuln: Google Chrome CVE-2018-6056 Remote Security Vulnerability

SecurityFocus Vulnerabilities - Mon, 02/19/2018 - 00:00
Google Chrome CVE-2018-6056 Remote Security Vulnerability
Categories: Security News

Vuln: Microsoft Windows Kernel CVE-2018-0810 Local Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Mon, 02/19/2018 - 00:00
Microsoft Windows Kernel CVE-2018-0810 Local Information Disclosure Vulnerability
Categories: Security News