News aggregator

Vuln: LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Mon, 05/07/2018 - 00:00
LibTIFF CVE-2018-10779 Heap Based Buffer Overflow Vulnerability
Categories: Security News

CVE-2018-10771

National Vulnerability Database - Sun, 05/06/2018 - 22:29
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-10772

National Vulnerability Database - Sun, 05/06/2018 - 22:29
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
Categories: Security News

CVE-2018-10767

National Vulnerability Database - Sun, 05/06/2018 - 19:29
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.
Categories: Security News

CVE-2018-10768

National Vulnerability Database - Sun, 05/06/2018 - 19:29
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
Categories: Security News

CVE-2018-0494

National Vulnerability Database - Sun, 05/06/2018 - 18:29
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
Categories: Security News

CVE-2018-10686

National Vulnerability Database - Sun, 05/06/2018 - 01:29
An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.
Categories: Security News

CVE-2018-10723

National Vulnerability Database - Sat, 05/05/2018 - 18:29
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql.
Categories: Security News

CVE-2018-10757

National Vulnerability Database - Sat, 05/05/2018 - 15:29
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.
Categories: Security News

CVE-2018-10758

National Vulnerability Database - Sat, 05/05/2018 - 15:29
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles.
Categories: Security News

Bugtraq: [slackware-security] seamonkey (SSA:2018-123-01)

SecurityFocus Vulnerabilities - Sat, 05/05/2018 - 01:20
[slackware-security] seamonkey (SSA:2018-123-01)
Categories: Security News

Bugtraq: Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution

SecurityFocus Vulnerabilities - Sat, 05/05/2018 - 01:20
Updated VMSA-2018-0007.3: VMware Virtual Appliance updates address side-channel analysis due to speculative execution
Categories: Security News

Bugtraq: [SECURITY] [DSA 4191-1] redmine security update

SecurityFocus Vulnerabilities - Sat, 05/05/2018 - 01:20
[SECURITY] [DSA 4191-1] redmine security update
Categories: Security News

Bugtraq: [SECURITY] [DSA 4190-1] jackson-databind security update

SecurityFocus Vulnerabilities - Sat, 05/05/2018 - 01:20
[SECURITY] [DSA 4190-1] jackson-databind security update
Categories: Security News

Vuln: Linux Kernel 'fs/userfaultfd.c' Local Use After Free Memory Corruption Vulnerability

SecurityFocus Vulnerabilities - Sat, 05/05/2018 - 00:00
Linux Kernel 'fs/userfaultfd.c' Local Use After Free Memory Corruption Vulnerability
Categories: Security News

CVE-2018-10752

National Vulnerability Database - Fri, 05/04/2018 - 22:29
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.
Categories: Security News

CVE-2018-10753

National Vulnerability Database - Fri, 05/04/2018 - 22:29
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-10754

National Vulnerability Database - Fri, 05/04/2018 - 22:29
In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax.
Categories: Security News

CVE-2018-9154

National Vulnerability Database - Fri, 05/04/2018 - 17:29
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack.
Categories: Security News

CVE-2011-0704

National Vulnerability Database - Fri, 05/04/2018 - 16:29
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request.
Categories: Security News
