News aggregator

CVE-2017-16546

National Vulnerability Database - Sun, 11/05/2017 - 17:29
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
Categories: Security News

CVE-2017-16542

National Vulnerability Database - Sun, 11/05/2017 - 12:29
Zoho ManageEngine Applications Manager 13 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
Categories: Security News

CVE-2017-16543

National Vulnerability Database - Sun, 11/05/2017 - 12:29
Zoho ManageEngine Applications Manager 13 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field.
Categories: Security News

CVE-2017-16540

National Vulnerability Database - Sat, 11/04/2017 - 15:29
OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.
Categories: Security News

CVE-2017-16541

National Vulnerability Database - Sat, 11/04/2017 - 14:29
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
Categories: Security News

CVE-2017-16539

National Vulnerability Database - Sat, 11/04/2017 - 13:29
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.
Categories: Security News

Bugtraq: [SECURITY] [DSA 4015-1] openjdk-8 security update

SecurityFocus Vulnerabilities - Sat, 11/04/2017 - 12:20
[SECURITY] [DSA 4015-1] openjdk-8 security update
Categories: Security News

Vuln: HP Performance Center CVE-2017-14359 Unspecified Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities - Sat, 11/04/2017 - 00:00
HP Performance Center CVE-2017-14359 Unspecified Cross Site Scripting Vulnerability
Categories: Security News

Vuln: IBM OpenPages CVE-2016-3048 Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities - Sat, 11/04/2017 - 00:00
IBM OpenPages CVE-2016-3048 Cross Site Scripting Vulnerability
Categories: Security News

Vuln: ABB FOX515T CVE-2017-14025 Local Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Sat, 11/04/2017 - 00:00
ABB FOX515T CVE-2017-14025 Local Information Disclosure Vulnerability
Categories: Security News

Vuln: GraphicsMagick CVE-2017-16352 Heap Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Sat, 11/04/2017 - 00:00
GraphicsMagick CVE-2017-16352 Heap Buffer Overflow Vulnerability
Categories: Security News

CVE-2017-16532

National Vulnerability Database - Fri, 11/03/2017 - 21:29
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted system calls.
Categories: Security News

CVE-2017-16533

National Vulnerability Database - Fri, 11/03/2017 - 21:29
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via crafted system calls.
Categories: Security News

CVE-2017-16534

National Vulnerability Database - Fri, 11/03/2017 - 21:29
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via crafted system calls.
Categories: Security News

CVE-2017-16535

National Vulnerability Database - Fri, 11/03/2017 - 21:29
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via crafted system calls.
Categories: Security News

CVE-2017-16536

National Vulnerability Database - Fri, 11/03/2017 - 21:29
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted system calls.
Categories: Security News

CVE-2017-16537

National Vulnerability Database - Fri, 11/03/2017 - 21:29
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted system calls.
Categories: Security News

CVE-2017-16538

National Vulnerability Database - Fri, 11/03/2017 - 21:29
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via crafted system calls, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
Categories: Security News

CVE-2017-16525

National Vulnerability Database - Fri, 11/03/2017 - 21:29
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls, related to disconnection and failed setup.
Categories: Security News

CVE-2017-16526

National Vulnerability Database - Fri, 11/03/2017 - 21:29
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via crafted system calls.
Categories: Security News
