News aggregator

CVE-2018-10164

National Vulnerability Database - Thu, 05/03/2018 - 14:29
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows.
Categories: Security News

CVE-2018-10165

National Vulnerability Database - Thu, 05/03/2018 - 14:29
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows.
Categories: Security News

CVE-2018-10166

National Vulnerability Database - Thu, 05/03/2018 - 14:29
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. This is fixed in version 2.6.1_Windows.
Categories: Security News

CVE-2018-10167

National Vulnerability Database - Thu, 05/03/2018 - 14:29
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows.
Categories: Security News

CVE-2018-10168

National Vulnerability Database - Thu, 05/03/2018 - 14:29
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.
Categories: Security News

CVE-2018-10718

National Vulnerability Database - Thu, 05/03/2018 - 14:29
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.
Categories: Security News

CVE-2018-10716

National Vulnerability Database - Thu, 05/03/2018 - 13:29
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because WM_CLOSE is not properly considered.
Categories: Security News

CVE-2018-10717

National Vulnerability Database - Thu, 05/03/2018 - 13:29
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677.
Categories: Security News

Hyper-V Debugging Symbols Are Publicly Available

Security Research & Defense - Thu, 05/03/2018 - 13:18

The security of Microsoft’s cloud services is a top priority for us. One of the technologies that is central to cloud security is Microsoft Hyper-V which we use to isolate tenants from one another in the cloud. Given the importance of this technology, Microsoft has made and continues to make significant investment in the security of Hyper-V and the powerful security features that it enables, such as Virtualization-Based Security (VBS). To reinforce this commitment, Microsoft offers rewards of up to $250,000 USD for the discovery of vulnerabilities in Hyper-V through our Hyper-V Bounty Program.

We would like to share with the security community that we have now released debugging symbols for many of the core components in Hyper-V, with some exceptions such as the hypervisor, where we would like to avoid our customers taking a dependency on undocumented hypercalls, for instance.

The symbols that have been made available allow security researchers to better analyze Hyper-V’s implementation and report any vulnerabilities that may exist as part of our Hyper-V Bounty Program. The list of the components that now have debugging symbols available can be found at this blogpost by the Microsoft Virtualization team.

We believe this is a step towards contributing more and more from our internal knowledge back to the security research community. As always, please let us know if you find any new vulnerabilities at secure@microsoft.com, or if you have any other questions @msftsecresponse.

MSRC Vulnerabilities and Mitigations Team

Categories: Security News

CVE-2018-10713

National Vulnerability Database - Thu, 05/03/2018 - 12:29
An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code.
Categories: Security News

CVE-2018-4849

National Vulnerability Database - Thu, 05/03/2018 - 09:29
A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). Improper certificate validation could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. The security vulnerability could be exploited by an attacker in a privileged network position which allows intercepting the communication channel between the affected app and a server (such as Man-in-the-Middle). Furthermore, an attacker must be able to generate a certificate that results for the validation algorithm in a checksum identical to a trusted certificate. Successful exploitation requires no user interaction. The vulnerability could allow reading data from and writing data to the encrypted communication channel between the app and a server, impacting the communication's confidentiality and integrity. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.
Categories: Security News

CVE-2018-10689

National Vulnerability Database - Thu, 05/03/2018 - 03:29
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.
Categories: Security News

CVE-2018-10666

National Vulnerability Database - Thu, 05/03/2018 - 00:29
The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. A new owner can subsequently modify variables.
Categories: Security News

Bugtraq: CA20180501-01: Security Notice for CA Spectrum

SecurityFocus Vulnerabilities - Wed, 05/02/2018 - 23:20
CA20180501-01: Security Notice for CA Spectrum
Categories: Security News

Bugtraq: [SECURITY] [DSA 4188-1] linux security update

SecurityFocus Vulnerabilities - Wed, 05/02/2018 - 23:20
[SECURITY] [DSA 4188-1] linux security update
Categories: Security News

Bugtraq: [SECURITY] [DSA 4187-1] linux security update

SecurityFocus Vulnerabilities - Wed, 05/02/2018 - 23:20
[SECURITY] [DSA 4187-1] linux security update
Categories: Security News

Bugtraq: Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF

SecurityFocus Vulnerabilities - Wed, 05/02/2018 - 23:20
Trovebox <= 4.0.0-rc6 Authentication Bypass, SQLi, SSRF
Categories: Security News

CVE-2016-10721

National Vulnerability Database - Wed, 05/02/2018 - 19:29
partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application.
Categories: Security News

CVE-2016-10722

National Vulnerability Database - Wed, 05/02/2018 - 19:29
partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application.
Categories: Security News

CVE-2018-0281

National Vulnerability Database - Wed, 05/02/2018 - 18:29
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg97808.
Categories: Security News
