News aggregator

Bugtraq: FreeBSD Security Advisory FreeBSD-SA-18:06.debugreg

SecurityFocus Vulnerabilities - Wed, 05/09/2018 - 04:20
FreeBSD Security Advisory FreeBSD-SA-18:06.debugreg
Categories: Security News

Bugtraq: APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001

SecurityFocus Vulnerabilities - Wed, 05/09/2018 - 04:20
APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001
Categories: Security News

CVE-2018-10184

National Vulnerability Database - Wed, 05/09/2018 - 03:29
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the SETTINGS frame, a wrapped frame will be defragmented into a temporary allocated buffer where the second fragment may overflow the heap by up to 16 kB. It is very unlikely that this can be exploited for code execution given that buffers are very short lived and their addresses not realistically predictable in production, but the likelihood of an immediate crash is absolutely certain.
Categories: Security News

CVE-2018-10830

National Vulnerability Database - Wed, 05/09/2018 - 03:29
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x002220e0.
Categories: Security News

CVE-2018-10831

National Vulnerability Database - Wed, 05/09/2018 - 01:29
Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with {x1=1,x2=1,x3=1,...,x512=1} to bypass this verifier for any blockheader. This originally affected (for example) the Bitcoin Gold and Zcash cryptocurrencies, and continued to be exploited in the wild in May 2018 against smaller cryptocurrencies.
Categories: Security News

CVE-2018-10827

National Vulnerability Database - Wed, 05/09/2018 - 00:29
LiteCart 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request.
Categories: Security News

Vuln: Multiple Siemens Products CVE-2017-12741 Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Wed, 05/09/2018 - 00:00
Multiple Siemens Products CVE-2017-12741 Denial of Service Vulnerability
Categories: Security News

Vuln: Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Wed, 05/09/2018 - 00:00
Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability
Categories: Security News

CVE-2018-10705

National Vulnerability Database - Tue, 05/08/2018 - 23:29
The Owned smart contract implementation for Aurora DAO (AURA), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. An attacker can then conduct a lockBalances() denial of service attack.
Categories: Security News

CVE-2018-10817

National Vulnerability Database - Tue, 05/08/2018 - 23:29
Severalnines ClusterControl before 1.6.0-4699 allows XSS.
Categories: Security News

CVE-2015-1503

National Vulnerability Database - Tue, 05/08/2018 - 16:29
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.
Categories: Security News

CVE-2017-2606

National Vulnerability Database - Tue, 05/08/2018 - 16:29
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an UnprotectedRootAction.
Categories: Security News

CVE-2018-10812

National Vulnerability Database - Tue, 05/08/2018 - 15:29
The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS).
Categories: Security News

CVE-2018-6920

National Vulnerability Database - Tue, 05/08/2018 - 15:29
In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.
Categories: Security News

CVE-2018-6921

National Vulnerability Database - Tue, 05/08/2018 - 15:29
In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.
Categories: Security News

CVE-2017-2611

National Vulnerability Database - Tue, 05/08/2018 - 14:29
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.
Categories: Security News

CVE-2018-6510

National Vulnerability Database - Tue, 05/08/2018 - 14:29
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
Categories: Security News

CVE-2018-6511

National Vulnerability Database - Tue, 05/08/2018 - 14:29
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
Categories: Security News

CVE-2018-8897

National Vulnerability Database - Tue, 05/08/2018 - 14:29
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
Categories: Security News

CVE-2017-2592

National Vulnerability Database - Tue, 05/08/2018 - 13:29
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
Categories: Security News

Pages