News aggregator

CVE-2018-14616

National Vulnerability Database - Fri, 07/27/2018 - 00:29
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.
Categories: Security News

CVE-2018-14617

National Vulnerability Database - Fri, 07/27/2018 - 00:29
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.
Categories: Security News

Vuln: Linux Kernel Multiple Denial of Service Vulnerabilities

SecurityFocus Vulnerabilities - Fri, 07/27/2018 - 00:00
Linux Kernel Multiple Denial of Service Vulnerabilities
Categories: Security News

CVE-2018-14601

National Vulnerability Database - Thu, 07/26/2018 - 22:29
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.
Categories: Security News

CVE-2018-14602

National Vulnerability Database - Thu, 07/26/2018 - 22:29
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.
Categories: Security News

CVE-2018-14603

National Vulnerability Database - Thu, 07/26/2018 - 22:29
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
Categories: Security News

CVE-2018-14604

National Vulnerability Database - Thu, 07/26/2018 - 22:29
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.
Categories: Security News

CVE-2018-14605

National Vulnerability Database - Thu, 07/26/2018 - 22:29
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
Categories: Security News

CVE-2018-14606

National Vulnerability Database - Thu, 07/26/2018 - 22:29
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
Categories: Security News

CVE-2018-14607

National Vulnerability Database - Thu, 07/26/2018 - 18:29
Thompson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse's Full Name, Social Security Number, Spouse's Social Security Number, Occupation, Spouse's Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information.
Categories: Security News

CVE-2018-14608

National Vulnerability Database - Thu, 07/26/2018 - 18:29
Thompson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories (%install_path%\WinCSI\UT17DATA\client_ID\file_name.XX17) that can be bypassed without authentication by examining the strings of the .XX17 file. The strings stored in the .XX17 file contain each customer's: Full Name, Spouse's Name, Social Security Number, Date of Birth, Occupation, Home Address, Daytime Phone Number, Home Phone Number, Spouse's Address, Spouse's Daytime Phone Number, Spouse's Social Security Number, Spouse's Home Phone Number, Spouse's Occupation, Spouse's Date of Birth, and Spouse's Filing Status.
Categories: Security News

CVE-2015-9261

National Vulnerability Database - Thu, 07/26/2018 - 15:29
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.
Categories: Security News

CVE-2017-18344

National Vulnerability Database - Thu, 07/26/2018 - 15:29
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
Categories: Security News

CVE-2018-9068

National Vulnerability Database - Thu, 07/26/2018 - 15:29
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.
Categories: Security News

CVE-2017-12150

National Vulnerability Database - Thu, 07/26/2018 - 14:29
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
Categories: Security News

CVE-2018-10876

National Vulnerability Database - Thu, 07/26/2018 - 14:29
A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
Categories: Security News

CVE-2018-10878

National Vulnerability Database - Thu, 07/26/2018 - 14:29
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
Categories: Security News

CVE-2018-10879

National Vulnerability Database - Thu, 07/26/2018 - 14:29
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
Categories: Security News

CVE-2018-10881

National Vulnerability Database - Thu, 07/26/2018 - 14:29
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
Categories: Security News

CVE-2017-12167

National Vulnerability Database - Thu, 07/26/2018 - 13:29
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.
Categories: Security News

Pages