News aggregator

CVE-2017-14481

National Vulnerability Database - Wed, 05/09/2018 - 16:29
In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability.
Categories: Security News

CVE-2018-2415

National Vulnerability Database - Wed, 05/09/2018 - 16:29
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.
Categories: Security News

CVE-2018-2416

National Vulnerability Database - Wed, 05/09/2018 - 16:29
SAP Identity Management 8.0 does not sufficiently validate an XML document accepted from an untrusted source.
Categories: Security News

CVE-2018-2417

National Vulnerability Database - Wed, 05/09/2018 - 16:29
Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted.
Categories: Security News

CVE-2018-2418

National Vulnerability Database - Wed, 05/09/2018 - 16:29
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Categories: Security News

CVE-2018-2419

National Vulnerability Database - Wed, 05/09/2018 - 16:29
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Categories: Security News

CVE-2018-2420

National Vulnerability Database - Wed, 05/09/2018 - 16:29
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.
Categories: Security News

CVE-2018-2421

National Vulnerability Database - Wed, 05/09/2018 - 16:29
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Categories: Security News

CVE-2018-8179

National Vulnerability Database - Wed, 05/09/2018 - 15:29
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge.
Categories: Security News

CVE-2018-8866

National Vulnerability Database - Wed, 05/09/2018 - 15:29
In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection.
Categories: Security News

CVE-2018-8147

National Vulnerability Database - Wed, 05/09/2018 - 15:29
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162.
Categories: Security News

CVE-2018-8148

National Vulnerability Database - Wed, 05/09/2018 - 15:29
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8162.
Categories: Security News

CVE-2018-8149

National Vulnerability Database - Wed, 05/09/2018 - 15:29
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8155, CVE-2018-8156, CVE-2018-8168.
Categories: Security News

CVE-2018-8150

National Vulnerability Database - Wed, 05/09/2018 - 15:29
A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka "Microsoft Outlook Security Feature Bypass Vulnerability." This affects Microsoft Office.
Categories: Security News

CVE-2018-8151

National Vulnerability Database - Wed, 05/09/2018 - 15:29
An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.
Categories: Security News

CVE-2018-8152

National Vulnerability Database - Wed, 05/09/2018 - 15:29
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
Categories: Security News

CVE-2018-8153

National Vulnerability Database - Wed, 05/09/2018 - 15:29
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server.
Categories: Security News

CVE-2018-8154

National Vulnerability Database - Wed, 05/09/2018 - 15:29
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.
Categories: Security News

CVE-2018-8155

National Vulnerability Database - Wed, 05/09/2018 - 15:29
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168.
Categories: Security News

CVE-2018-8156

National Vulnerability Database - Wed, 05/09/2018 - 15:29
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168.
Categories: Security News

Pages