News aggregator

CVE-2019-7390

National Vulnerability Database - Mon, 02/04/2019 - 19:29
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API.
Categories: Security News

CVE-2019-7395 (imagemagick)

National Vulnerability Database - Mon, 02/04/2019 - 19:29
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.

CVE-2019-7396 (imagemagick)

National Vulnerability Database - Mon, 02/04/2019 - 19:29
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.

CVE-2019-7397 (imagemagick)

National Vulnerability Database - Mon, 02/04/2019 - 19:29
In ImageMagick before 7.0.8-25, several memory leaks exist in WritePDFImage in coders/pdf.c.

CVE-2019-7398 (imagemagick)

National Vulnerability Database - Mon, 02/04/2019 - 19:29
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.

CVE-2016-1000276

National Vulnerability Database - Mon, 02/04/2019 - 17:29
Audacity version 2.1.2 is vulnerable to DLL Hijack: it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such DLL on the system directory. This behavior results in an exploitable DLL Hijack vulnerability, even if the SafeDllSearchMode flag is enabled.

CVE-2018-15778

National Vulnerability Database - Mon, 02/04/2019 - 17:29
Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI).

CVE-2019-7387

National Vulnerability Database - Mon, 02/04/2019 - 17:29
A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from system/maintenance/export.php, it accepts the path provided by the user, leading to path traversal via the name parameter.

CVE-2019-1000010

National Vulnerability Database - Mon, 02/04/2019 - 16:29
phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in the victim's browser. This attack appears to be exploitable via a victim visiting a link crafted by an attacker. This vulnerability appears to have been fixed in 1.4.

CVE-2019-1000011

National Vulnerability Database - Mon, 02/04/2019 - 16:29
API Platform versions 2.2.0 to 2.3.5 contain an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource being able to delete any resource. This attack appears to be exploitable provided the user is authorized. This vulnerability appears to have been fixed in 2.3.6.

CVE-2019-1000012

National Vulnerability Database - Mon, 02/04/2019 - 16:29
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in package modifications not being detected, allowing code execution. This attack appears to be exploitable when a victim fetches packages from a malicious/compromised mirror. This vulnerability appears to have been fixed in 0.19.

CVE-2019-1000013

National Vulnerability Database - Mon, 02/04/2019 - 16:29
Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in package modifications not being detected, allowing code execution. This attack appears to be exploitable when a victim fetches packages from a malicious/compromised mirror. This vulnerability appears to have been fixed in 0.4.0.

CVE-2019-1000014

National Vulnerability Database - Mon, 02/04/2019 - 16:29
Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in package modifications not being detected, allowing code execution. This attack appears to be exploitable when a victim fetches packages from a malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0.

CVE-2019-1000015

National Vulnerability Database - Mon, 02/04/2019 - 16:29
Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS to steal cookies. A ticket can be created with an XSS payload in the subject field. This attack appears to be exploitable via <svg/onload=alert(1)> as the payload user on the Subject field. This makes it possible to obtain the cookies of all users that have permission to view the tickets. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03.

CVE-2019-1000016

National Vulnerability Database - Mon, 02/04/2019 - 16:29
FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via a specially crafted AV1 file provided as input. This vulnerability appears to have been fixed after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.

CVE-2019-1000017

National Vulnerability Database - Mon, 02/04/2019 - 16:29
Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user being able to read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket number]. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03.

CVE-2019-1000018

National Vulnerability Database - Mon, 02/04/2019 - 16:29
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appears to be exploitable via an authorized SSH user with the allowscp permission.

CVE-2019-1000019

National Vulnerability Database - Mon, 02/04/2019 - 16:29
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

CVE-2019-1000020

National Vulnerability Database - Mon, 02/04/2019 - 16:29
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.

CVE-2019-1000021

National Vulnerability Database - Mon, 02/04/2019 - 16:29
slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an Incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model, that can result in all of the contacts of the victim being able to see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP; the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2.
