News aggregator

CVE-2017-2592

National Vulnerability Database - Tue, 05/08/2018 - 13:29
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
Categories: Security News

CVE-2017-2594

National Vulnerability Database - Tue, 05/08/2018 - 13:29
hawtio before versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.

CVE-2018-1000168

National Vulnerability Database - Tue, 05/08/2018 - 11:29
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

CVE-2018-1000173

National Vulnerability Database - Tue, 05/08/2018 - 11:29
A session fixation vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.

CVE-2018-1000174

National Vulnerability Database - Tue, 05/08/2018 - 11:29
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.

CVE-2018-1000175

National Vulnerability Database - Tue, 05/08/2018 - 11:29
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.

CVE-2018-1000176

National Vulnerability Database - Tue, 05/08/2018 - 11:29
An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password.

CVE-2018-1000177

National Vulnerability Database - Tue, 05/08/2018 - 11:29
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.

CVE-2018-1000178

National Vulnerability Database - Tue, 05/08/2018 - 11:29
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.

CVE-2018-1000179

National Vulnerability Database - Tue, 05/08/2018 - 11:29
A NULL Pointer Dereference of type CWE-476 exists in quassel version 0.12.4 in the quasselcore function void CoreAuthHandler::handle(const Login &msg) at coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.

CVE-2018-1239

National Vulnerability Database - Tue, 05/08/2018 - 09:29
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed.

CVE-2018-1247

National Vulnerability Database - Tue, 05/08/2018 - 09:29
RSA Authentication Manager Security Console, version 8.3 and earlier, contains an XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data by injecting a maliciously crafted DTD in an XML file submitted to the application.

CVE-2018-1248

National Vulnerability Database - Tue, 05/08/2018 - 09:29
RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains.

CVE-2018-10380

National Vulnerability Database - Tue, 05/08/2018 - 08:29
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.

Bugtraq: WebKitGTK+ Security Advisory WSA-2018-0004

SecurityFocus Vulnerabilities - Tue, 05/08/2018 - 04:20
WebKitGTK+ Security Advisory WSA-2018-0004

Bugtraq: CANADIAN JOB VACANCY!!!

SecurityFocus Vulnerabilities - Tue, 05/08/2018 - 04:20
CANADIAN JOB VACANCY!!!

Bugtraq: [SECURITY] [DSA 4194-1] lucene-solr security update

SecurityFocus Vulnerabilities - Tue, 05/08/2018 - 04:20
[SECURITY] [DSA 4194-1] lucene-solr security update

Bugtraq: [SECURITY] [DSA 4193-1] wordpress security update

SecurityFocus Vulnerabilities - Tue, 05/08/2018 - 04:20
[SECURITY] [DSA 4193-1] wordpress security update

CVE-2018-10734

National Vulnerability Database - Tue, 05/08/2018 - 03:29
KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.

CVE-2018-10804

National Vulnerability Database - Tue, 05/08/2018 - 03:29
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.