News aggregator

CVE-2018-7934

National Vulnerability Database - Tue, 07/31/2018 - 10:29
Some Huawei mobile phones with versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures.
Categories: Security News

CVE-2018-7947

National Vulnerability Database - Tue, 07/31/2018 - 10:29
Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In debug mode, malicious software on the device may exploit the vulnerability to bypass some specific function. A successful exploit may cause malicious applications to be installed on the mobile phones.
Categories: Security News

CVE-2018-1638

National Vulnerability Database - Tue, 07/31/2018 - 09:29
IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.
Categories: Security News

CVE-2018-1718

National Vulnerability Database - Tue, 07/31/2018 - 09:29
IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147166.
Categories: Security News

CVE-2018-8019

National Vulnerability Database - Tue, 07/31/2018 - 09:29
When using an OCSP responder, Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.
Categories: Security News

CVE-2018-8020

National Vulnerability Database - Tue, 07/31/2018 - 09:29
Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. As a result, revoked client certificates may not be properly identified, allowing users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability.
Categories: Security News

CVE-2018-8027

National Vulnerability Database - Tue, 07/31/2018 - 09:29
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in the XSD validation processor.
Categories: Security News

CVE-2018-14767

National Vulnerability Database - Tue, 07/31/2018 - 02:29
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code.
Categories: Security News

Vuln: Intel Puma CVE-2017-5693 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Tue, 07/31/2018 - 00:00
Intel Puma CVE-2017-5693 Denial of Service Vulnerability
Categories: Security News

Vuln: Davolink DVW-3200N CVE-2018-10618 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Tue, 07/31/2018 - 00:00
Davolink DVW-3200N CVE-2018-10618 Information Disclosure Vulnerability
Categories: Security News

Vuln: Johnson Controls Metasys and BCPro CVE-2018-10624 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Tue, 07/31/2018 - 00:00
Johnson Controls Metasys and BCPro CVE-2018-10624 Information Disclosure Vulnerability
Categories: Security News

Vuln: WECON LeviStudioU Multiple Buffer Overflow Vulnerabilities

SecurityFocus Vulnerabilities - Tue, 07/31/2018 - 00:00
WECON LeviStudioU Multiple Buffer Overflow Vulnerabilities
Categories: Security News