News aggregator

CVE-2017-13806

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Profiles" component. It does not enforce the configuration profile's settings for whether pairings are allowed.
Categories: Security News

CVE-2017-13827

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading.

CVE-2017-13837

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key.

CVE-2017-13839

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files.

CVE-2017-13850

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font.

CVE-2017-13851

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files.

CVE-2017-13853

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2017-13854

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2017-13863

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "APNs" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates.

CVE-2017-13873

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app.

CVE-2017-13877

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app.

CVE-2017-13884

National Vulnerability Database - Tue, 04/03/2018 - 02:29
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Bugtraq: [SECURITY] [DSA 4163-1] beep security update

SecurityFocus Vulnerabilities - Tue, 04/03/2018 - 01:20

Bugtraq: [SECURITY] [DSA 4162-1] irssi security update

SecurityFocus Vulnerabilities - Tue, 04/03/2018 - 01:20

Bugtraq: [SECURITY] [DSA 4161-1] python-django security update

SecurityFocus Vulnerabilities - Tue, 04/03/2018 - 01:20

Bugtraq: [SECURITY] [DSA 4160-1] libevt security update

SecurityFocus Vulnerabilities - Tue, 04/03/2018 - 01:20

Vuln: Microsoft Malware Protection Engine CVE-2018-0986 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Tue, 04/03/2018 - 00:00

CVE-2018-9230

National Vulnerability Database - Mon, 04/02/2018 - 14:29
In OpenResty before 1.13.6.1, URI parameters were obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products.

CVE-2016-8717

National Vulnerability Database - Mon, 04/02/2018 - 13:29
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices.

CVE-2018-1295

National Vulnerability Database - Mon, 04/02/2018 - 13:29
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when third-party vulnerable classes are present in the Ignite classpath. The vulnerability can be exploited if one sends a specially prepared form of a serialized object to one of the deserialization endpoints of some Ignite components - discovery SPI, Ignite persistence, Memcached endpoint, socket streamer.