News aggregator

CVE-2018-11628

National Vulnerability Database - Fri, 06/01/2018 - 11:29
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.
Categories: Security News

CVE-2018-11652

National Vulnerability Database - Fri, 06/01/2018 - 11:29
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
Categories: Security News

CVE-2018-11655

National Vulnerability Database - Fri, 06/01/2018 - 11:29
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.
Categories: Security News

CVE-2018-11656

National Vulnerability Database - Fri, 06/01/2018 - 11:29
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.
Categories: Security News

CVE-2018-11657

National Vulnerability Database - Fri, 06/01/2018 - 11:29
ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif.
Categories: Security News

CVE-2017-17171

National Vulnerability Database - Fri, 06/01/2018 - 10:29
Some Huawei smart phones have a denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart.
Categories: Security News

CVE-2017-6153

National Vulnerability Database - Fri, 06/01/2018 - 10:29
Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 systems that utilize inflate functionality directly, via an iRule, or via the inflate code from the PEM module are subject to service disruption via a "Zip Bomb" attack.
Categories: Security News

CVE-2018-11649

National Vulnerability Database - Fri, 06/01/2018 - 10:29
Hue 3.12 has XSS via the /pig/save/ name and script parameters.
Categories: Security News

CVE-2018-11650

National Vulnerability Database - Fri, 06/01/2018 - 10:29
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.
Categories: Security News

CVE-2018-11651

National Vulnerability Database - Fri, 06/01/2018 - 10:29
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx.
Categories: Security News

CVE-2018-5513

National Vulnerability Database - Fri, 06/01/2018 - 10:29
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue.
Categories: Security News

CVE-2018-5521

National Vulnerability Database - Fri, 06/01/2018 - 10:29
On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS.
Categories: Security News

CVE-2018-5522

National Vulnerability Database - Fri, 06/01/2018 - 10:29
On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash.
Categories: Security News

CVE-2018-5523

National Vulnerability Database - Fri, 06/01/2018 - 10:29
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
Categories: Security News

CVE-2018-5524

National Vulnerability Database - Fri, 06/01/2018 - 10:29
Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue.
Categories: Security News

CVE-2018-5525

National Vulnerability Database - Fri, 06/01/2018 - 10:29
A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only; these files do not include any configuration data, proxied traffic, or other potentially sensitive customer data.
Categories: Security News

CVE-2018-5526

National Vulnerability Database - Fri, 06/01/2018 - 10:29
Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack.
Categories: Security News

CVE-2018-7949

National Vulnerability Database - Fri, 06/01/2018 - 10:29
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users.
Categories: Security News

CVE-2018-7950

National Vulnerability Database - Fri, 06/01/2018 - 10:29
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
Categories: Security News

CVE-2018-7951

National Vulnerability Database - Fri, 06/01/2018 - 10:29
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
Categories: Security News
