News aggregator

CVE-2018-12336

National Vulnerability Database - Sun, 06/17/2018 - 12:29
Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access.
Categories: Security News

CVE-2018-12337

National Vulnerability Database - Sun, 06/17/2018 - 12:29
Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation.
Categories: Security News

CVE-2018-12338

National Vulnerability Database - Sun, 06/17/2018 - 12:29
Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access.
Categories: Security News

CVE-2018-12326

National Vulnerability Database - Sun, 06/17/2018 - 10:29
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
Categories: Security News

CVE-2018-12454

National Vulnerability Database - Sun, 06/17/2018 - 08:29
The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards.
Categories: Security News

Vuln: Airbnb Knowledge Repo CVE-2018-12104 Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities - Sun, 06/17/2018 - 00:00
Airbnb Knowledge Repo CVE-2018-12104 Cross Site Scripting Vulnerability
Categories: Security News

CVE-2018-12453

National Vulnerability Database - Sat, 06/16/2018 - 13:29
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
Categories: Security News

CVE-2018-12503

National Vulnerability Database - Sat, 06/16/2018 - 11:29
tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h.
Categories: Security News

CVE-2018-12504

National Vulnerability Database - Sat, 06/16/2018 - 11:29
tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h.
Categories: Security News

CVE-2018-12501

National Vulnerability Database - Sat, 06/16/2018 - 09:29
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.
Categories: Security News

More rss feeds from SecurityFocus

SecurityFocus Vulnerabilities - Sat, 06/16/2018 - 06:20
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
Categories: Security News

CVE-2018-9859

National Vulnerability Database - Fri, 06/15/2018 - 21:29
The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.
Categories: Security News

CVE-2018-5751

National Vulnerability Database - Fri, 06/15/2018 - 21:29
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.
Categories: Security News

CVE-2018-5752

National Vulnerability Database - Fri, 06/15/2018 - 21:29
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.
Categories: Security News

CVE-2018-5753

National Vulnerability Database - Fri, 06/15/2018 - 21:29
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.
Categories: Security News

CVE-2018-5754

National Vulnerability Database - Fri, 06/15/2018 - 21:29
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.
Categories: Security News

CVE-2018-5755

National Vulnerability Database - Fri, 06/15/2018 - 21:29
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.
Categories: Security News

CVE-2018-5756

National Vulnerability Database - Fri, 06/15/2018 - 21:29
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.
Categories: Security News

CVE-2018-6496

National Vulnerability Database - Fri, 06/15/2018 - 21:29
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
Categories: Security News

CVE-2018-6497

National Vulnerability Database - Fri, 06/15/2018 - 21:29
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
Categories: Security News

Pages