News aggregator

CVE-2018-18701

National Vulnerability Database - Mon, 10/29/2018 - 08:29
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.
Categories: Security News

CVE-2018-18702

National Vulnerability Database - Mon, 10/29/2018 - 08:29
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
Categories: Security News

CVE-2016-10732

National Vulnerability Database - Mon, 10/29/2018 - 08:29
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.
Categories: Security News

CVE-2016-10733

National Vulnerability Database - Mon, 10/29/2018 - 08:29
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.
Categories: Security News

CVE-2016-10734

National Vulnerability Database - Mon, 10/29/2018 - 08:29
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.
Categories: Security News

CVE-2016-10731

National Vulnerability Database - Mon, 10/29/2018 - 08:29
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action.
Categories: Security News

Vuln: Apache 'mod_perl' CVE-2011-2767 Arbitrary Code Execution Vulnerability

SecurityFocus Vulnerabilities - Mon, 10/29/2018 - 00:00
Apache 'mod_perl' CVE-2011-2767 Arbitrary Code Execution Vulnerability
Categories: Security News

Vuln: Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Mon, 10/29/2018 - 00:00
Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
Categories: Security News

Vuln: Mozilla Firefox ESR CVE-2018-12389 Multiple Memory Corruption Vulnerabilities

SecurityFocus Vulnerabilities - Mon, 10/29/2018 - 00:00
Mozilla Firefox ESR CVE-2018-12389 Multiple Memory Corruption Vulnerabilities
Categories: Security News

Vuln: Linux Kernel 'mm/vmacache.c' Local Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Mon, 10/29/2018 - 00:00
Linux Kernel 'mm/vmacache.c' Local Privilege Escalation Vulnerability
Categories: Security News

CVE-2018-18690

National Vulnerability Database - Fri, 10/26/2018 - 14:29
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.
Categories: Security News

CVE-2018-4022

National Vulnerability Database - Fri, 10/26/2018 - 13:29
A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (Matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user.
Categories: Security News

CVE-2018-6559

National Vulnerability Database - Fri, 10/26/2018 - 13:29
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain, via an overlayfs mount inside of a user namespace, the names of files that they would not normally be able to access.
Categories: Security News

CVE-2018-18661

National Vulnerability Database - Fri, 10/26/2018 - 10:29
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
Categories: Security News

CVE-2018-18662

National Vulnerability Database - Fri, 10/26/2018 - 10:29
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.
Categories: Security News

CVE-2018-18657

National Vulnerability Database - Fri, 10/26/2018 - 10:29
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.
Categories: Security News

CVE-2018-18658

National Vulnerability Database - Fri, 10/26/2018 - 10:29
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.
Categories: Security News

CVE-2018-18659

National Vulnerability Database - Fri, 10/26/2018 - 10:29
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.
Categories: Security News

CVE-2018-18660

National Vulnerability Database - Fri, 10/26/2018 - 10:29
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.
Categories: Security News

CVE-2018-15686

National Vulnerability Database - Fri, 10/26/2018 - 10:29
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
Categories: Security News
