News aggregator

CVE-2018-6659

National Vulnerability Database - Mon, 04/02/2018 - 13:29
Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.
Categories: Security News

CVE-2018-9127

National Vulnerability Database - Mon, 04/02/2018 - 13:29
Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character.
Categories: Security News

CVE-2018-6247

National Vulnerability Database - Mon, 04/02/2018 - 12:29
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges.
Categories: Security News

CVE-2018-6248

National Vulnerability Database - Mon, 04/02/2018 - 12:29
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service or possible escalation of privileges.
Categories: Security News

CVE-2018-6249

National Vulnerability Database - Mon, 04/02/2018 - 12:29
NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.
Categories: Security News

CVE-2018-6250

National Vulnerability Database - Mon, 04/02/2018 - 12:29
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference occurs which may lead to denial of service or possible escalation of privileges.
Categories: Security News

CVE-2018-6251

National Vulnerability Database - Mon, 04/02/2018 - 12:29
NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX 10 Usermode driver, where specially crafted pixel shader can cause writing to unallocated memory leading to denial of service or potential code execution.
Categories: Security News

CVE-2018-6252

National Vulnerability Database - Mon, 04/02/2018 - 12:29
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary to production usage, and which may result in denial of service.
Categories: Security News

CVE-2018-6253

National Vulnerability Database - Mon, 04/02/2018 - 12:29
NVIDIA GPU Display Driver contains a vulnerability in DirectX and OpenGL Usermode drivers where specially crafted pixel shader can cause infinite recursion leading to denial of service.
Categories: Security News

CVE-2018-9183

National Vulnerability Database - Mon, 04/02/2018 - 11:29
The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS.
Categories: Security News

CVE-2018-0194

National Vulnerability Database - Mon, 04/02/2018 - 10:29
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.
Categories: Security News

CVE-2018-1038

National Vulnerability Database - Mon, 04/02/2018 - 09:29
The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability."
Categories: Security News

CVE-2018-6660

National Vulnerability Database - Mon, 04/02/2018 - 09:29
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file.
Categories: Security News

CVE-2018-6661

National Vulnerability Database - Mon, 04/02/2018 - 09:29
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
Categories: Security News

CVE-2018-9163

National Vulnerability Database - Mon, 04/02/2018 - 08:29
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus 5.3 (Build 5330) and earlier allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
Categories: Security News

CVE-2018-1092

National Vulnerability Database - Sun, 04/01/2018 - 23:29
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
Categories: Security News

CVE-2018-1093

National Vulnerability Database - Sun, 04/01/2018 - 23:29
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.
Categories: Security News

CVE-2018-1094

National Vulnerability Database - Sun, 04/01/2018 - 23:29
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.
Categories: Security News

CVE-2018-1095

National Vulnerability Database - Sun, 04/01/2018 - 23:29
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.
Categories: Security News

CVE-2018-9173

National Vulnerability Database - Sun, 04/01/2018 - 23:29
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.
Categories: Security News