News aggregator

CVE-2017-1148

National Vulnerability Database - Wed, 11/01/2017 - 17:29
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201.
Categories: Security News

CVE-2017-1290

National Vulnerability Database - Wed, 11/01/2017 - 17:29
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151.
CVE-2017-1300

National Vulnerability Database - Wed, 11/01/2017 - 17:29
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.
CVE-2017-1333

National Vulnerability Database - Wed, 11/01/2017 - 17:29
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241.
CVE-2017-1340

National Vulnerability Database - Wed, 11/01/2017 - 17:29
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455.
CVE-2017-1552

National Vulnerability Database - Wed, 11/01/2017 - 17:29
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396.
CVE-2017-1553

National Vulnerability Database - Wed, 11/01/2017 - 17:29
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397.
CVE-2017-1554

National Vulnerability Database - Wed, 11/01/2017 - 17:29
IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398.
CVE-2017-1001001

National Vulnerability Database - Wed, 11/01/2017 - 13:29
PluXml version 5.6 contains a stored cross-site scripting vulnerability within the article creation page, which can result in escalation of privileges.
CVE-2017-14992

National Vulnerability Database - Wed, 11/01/2017 - 13:29
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
CVE-2017-15566

National Vulnerability Database - Wed, 11/01/2017 - 13:29
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.
CVE-2017-15918

National Vulnerability Database - Wed, 11/01/2017 - 13:29
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
CVE-2017-16357

National Vulnerability Database - Wed, 11/01/2017 - 13:29
In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.
CVE-2017-16358

National Vulnerability Database - Wed, 11/01/2017 - 13:29
In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.
CVE-2017-16359

National Vulnerability Database - Wed, 11/01/2017 - 13:29
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
CVE-2017-16352

National Vulnerability Database - Wed, 11/01/2017 - 11:29
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
CVE-2017-16353

National Vulnerability Database - Wed, 11/01/2017 - 11:29
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
CVE-2017-1000242

National Vulnerability Database - Wed, 11/01/2017 - 09:29
Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions, resulting in information disclosure.
CVE-2017-1000243

National Vulnerability Database - Wed, 11/01/2017 - 09:29
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites.
CVE-2017-1000244

National Vulnerability Database - Wed, 11/01/2017 - 09:29
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF, resulting in data modification.