News aggregator

Vuln: Google Chrome Prior to 62.0.3202.89 Stack Buffer Overflow and Denial of Service Vulnerabilities

SecurityFocus Vulnerabilities - Tue, 11/07/2017 - 00:00
Google Chrome Prior to 62.0.3202.89 Stack Buffer Overflow and Denial of Service Vulnerabilities
Categories: Security News

Vuln: Linux Kernel 'arch/powerpc/kvm/powerpc.c' Local Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Tue, 11/07/2017 - 00:00
Linux Kernel 'arch/powerpc/kvm/powerpc.c' Local Denial of Service Vulnerability
Categories: Security News

Vuln: IBM OpenPages GRC Platform CVE-2017-1290 Unspecified Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities - Tue, 11/07/2017 - 00:00
IBM OpenPages GRC Platform CVE-2017-1290 Unspecified Cross Site Scripting Vulnerability
Categories: Security News

CVE-2017-13680

National Vulnerability Database - Mon, 11/06/2017 - 18:29
Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system.
Categories: Security News

CVE-2017-13681

National Vulnerability Database - Mon, 11/06/2017 - 18:29
Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.
Categories: Security News

CVE-2017-16638

National Vulnerability Database - Mon, 11/06/2017 - 18:29
The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.
Categories: Security News

CVE-2017-6331

National Vulnerability Database - Mon, 11/06/2017 - 18:29
Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.
Categories: Security News

CVE-2017-12719

National Vulnerability Database - Mon, 11/06/2017 - 17:29
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.
Categories: Security News

CVE-2017-14016

National Vulnerability Database - Mon, 11/06/2017 - 17:29
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
Categories: Security News

CVE-2017-14023

National Vulnerability Database - Mon, 11/06/2017 - 17:29
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.
Categories: Security News

CVE-2017-14025

National Vulnerability Database - Mon, 11/06/2017 - 17:29
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server.
Categories: Security News

CVE-2017-14029

National Vulnerability Database - Mon, 11/06/2017 - 17:29
An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.
Categories: Security News

CVE-2017-14031

National Vulnerability Database - Mon, 11/06/2017 - 17:29
An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.
Categories: Security News

CVE-2017-16635

National Vulnerability Database - Mon, 11/06/2017 - 17:29
In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create.
Categories: Security News

CVE-2017-16636

National Vulnerability Database - Mon, 11/06/2017 - 17:29
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts.
Categories: Security News

CVE-2017-16637

National Vulnerability Database - Mon, 11/06/2017 - 17:29
In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdvancedProtection" crash. Although the mechanism malfunctions and an error occurs during the runtime with the stack trace being issued, the software process is not properly terminated. The software client is still attempting to maintain the connection even though the network connection information is being reset live. In that insecure mode, the "FrmAdvancedProtection" component crashes, but the process continues to run with different errors and process corruptions. This local corruption vulnerability can be exploited by local attackers.
Categories: Security News

CVE-2017-15306

National Vulnerability Database - Mon, 11/06/2017 - 13:29
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.
Categories: Security News

CVE-2015-7529

National Vulnerability Database - Mon, 11/06/2017 - 12:29
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.
Categories: Security News

CVE-2015-7878

National Vulnerability Database - Mon, 11/06/2017 - 12:29
Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names.
Categories: Security News

CVE-2017-11177

National Vulnerability Database - Mon, 11/06/2017 - 12:29
TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory.
Categories: Security News

Pages