News aggregator

CVE-2018-7904

National Vulnerability Database - Thu, 05/24/2018 - 10:29
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system.
Categories: Security News

CVE-2018-7942

National Vulnerability Database - Thu, 05/24/2018 - 10:29
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, a successful exploit may cause an information leak.
Categories: Security News

CVE-2018-1000040

National Vulnerability Database - Thu, 05/24/2018 - 09:29
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
Categories: Security News

CVE-2018-1000155

National Vulnerability Database - Thu, 05/24/2018 - 09:29
OpenFlow version 1.0 onwards contains a Denial of Service and Improper Authorization vulnerability in the OpenFlow handshake: the DPID (DataPath IDentifier) in the features_reply message is inherently trusted by the controller, which can result in Denial of Service, Unauthorized Access, and Network Instability. This attack appears to be exploitable via network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.
Categories: Security News

CVE-2018-1000199

National Vulnerability Database - Thu, 05/24/2018 - 09:29
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in a crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
Categories: Security News

CVE-2018-1000300

National Vulnerability Database - Thu, 05/24/2018 - 09:29
curl versions 7.54.1 up to and including 7.59.0 contain a CWE-122: Heap-based Buffer Overflow vulnerability, with an impact of denial of service and more: curl might overflow a heap-based memory buffer when closing down an FTP connection with very long server command replies. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.
Categories: Security News

CVE-2018-1000301

National Vulnerability Database - Thu, 05/24/2018 - 09:29
curl versions 7.20.0 up to and including 7.59.0 contain a CWE-126: Buffer Over-read vulnerability, with an impact of denial of service: curl can be tricked into reading data beyond the end of a heap-based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
Categories: Security News

CVE-2018-9920

National Vulnerability Database - Thu, 05/24/2018 - 09:29
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.
Categories: Security News

CVE-2017-9421

National Vulnerability Database - Thu, 05/24/2018 - 09:29
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.
Categories: Security News

CVE-2018-1000036

National Vulnerability Database - Thu, 05/24/2018 - 09:29
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
Categories: Security News

CVE-2018-1000037

National Vulnerability Database - Thu, 05/24/2018 - 09:29
In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
Categories: Security News

CVE-2018-1000038

National Vulnerability Database - Thu, 05/24/2018 - 09:29
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
Categories: Security News

CVE-2018-1000039

National Vulnerability Database - Thu, 05/24/2018 - 09:29
In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
Categories: Security News

CVE-2018-11411

National Vulnerability Database - Thu, 05/24/2018 - 08:29
The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect.
Categories: Security News

CVE-2018-11403

National Vulnerability Database - Thu, 05/24/2018 - 03:29
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
Categories: Security News

CVE-2018-11404

National Vulnerability Database - Thu, 05/24/2018 - 03:29
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
Categories: Security News

CVE-2018-11405

National Vulnerability Database - Thu, 05/24/2018 - 03:29
Kliqqi 2.0.2 has CSRF in admin/admin_users.php.
Categories: Security News

CVE-2018-11410

National Vulnerability Database - Thu, 05/24/2018 - 03:29
An issue was discovered in Liblouis 3.5.0. An invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-11399

National Vulnerability Database - Thu, 05/24/2018 - 01:29
SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur.
Categories: Security News

CVE-2018-11400

National Vulnerability Database - Thu, 05/24/2018 - 01:29
In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power.
Categories: Security News
