News aggregator

CVE-2018-12461

National Vulnerability Database - Tue, 07/10/2018 - 14:29
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
Categories: Security News

CVE-2018-13843

National Vulnerability Database - Tue, 07/10/2018 - 14:29
An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c.
Categories: Security News

CVE-2018-13844

National Vulnerability Database - Tue, 07/10/2018 - 14:29
An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c.
Categories: Security News

CVE-2018-13845

National Vulnerability Database - Tue, 07/10/2018 - 14:29
An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c.
Categories: Security News

CVE-2018-13846

National Vulnerability Database - Tue, 07/10/2018 - 14:29
An issue has been found in Bento4 1.5.1-624. AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp has a heap-based buffer over-read.
Categories: Security News

CVE-2018-13847

National Vulnerability Database - Tue, 07/10/2018 - 14:29
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp.
Categories: Security News

CVE-2018-13848

National Vulnerability Database - Tue, 07/10/2018 - 14:29
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp.
Categories: Security News

CVE-2018-13849

National Vulnerability Database - Tue, 07/10/2018 - 14:29
edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace.
Categories: Security News

CVE-2018-13850

National Vulnerability Database - Tue, 07/10/2018 - 14:29
The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter.
Categories: Security News

CVE-2018-2427

National Vulnerability Database - Tue, 07/10/2018 - 14:29
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
Categories: Security News

CVE-2018-2431

National Vulnerability Database - Tue, 07/10/2018 - 14:29
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Categories: Security News

CVE-2018-2432

National Vulnerability Database - Tue, 07/10/2018 - 14:29
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking.
Categories: Security News

CVE-2018-2433

National Vulnerability Database - Tue, 07/10/2018 - 14:29
SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Categories: Security News

CVE-2018-2434

National Vulnerability Database - Tue, 07/10/2018 - 14:29
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks.
Categories: Security News

CVE-2018-1331

National Vulnerability Database - Tue, 07/10/2018 - 13:29
In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.
Categories: Security News

CVE-2017-1729

National Vulnerability Database - Tue, 07/10/2018 - 12:29
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134909.
Categories: Security News

CVE-2017-1738

National Vulnerability Database - Tue, 07/10/2018 - 12:29
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 contains an undisclosed vulnerability that would allow an authenticated user to obtain elevated privileges. IBM X-Force ID: 134919.
Categories: Security News

CVE-2017-1791

National Vulnerability Database - Tue, 07/10/2018 - 12:29
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137036.
Categories: Security News

CVE-2017-1792

National Vulnerability Database - Tue, 07/10/2018 - 12:29
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137037.
Categories: Security News

CVE-2017-1793

National Vulnerability Database - Tue, 07/10/2018 - 12:29
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137038.
Categories: Security News
