News aggregator

CVE-2018-5793

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
Categories: Security News

CVE-2018-5794

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is No Authentication for the AeroScout Service via a crafted UDP packet.

CVE-2018-5795

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller.

CVE-2018-5796

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command.

CVE-2018-5797

National Vulnerability Database - Sun, 02/04/2018 - 23:29
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.

CVE-2018-6620

National Vulnerability Database - Sun, 02/04/2018 - 23:29
Odoo does not require authentication to be configured for a Backup Database action.

CVE-2018-6621

National Vulnerability Database - Sun, 02/04/2018 - 23:29
The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.

CVE-2017-15536

National Vulnerability Database - Sun, 02/04/2018 - 22:29
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain access to the CDSW database which includes Kerberos keytabs of CDSW users and bcrypt hashed passwords, and gain access to other privileged information such as session tokens, invitation tokens, and environment variables.

CVE-2018-6188

National Vulnerability Database - Sun, 02/04/2018 - 22:29
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.

CVE-2018-6616

National Vulnerability Database - Sun, 02/04/2018 - 17:29
In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

CVE-2018-6612

National Vulnerability Database - Sun, 02/04/2018 - 10:29
An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.

CVE-2018-6611

National Vulnerability Database - Sun, 02/04/2018 - 07:29
soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file.

CVE-2017-17703

National Vulnerability Database - Sat, 02/03/2018 - 20:29
Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.

CVE-2017-8783

National Vulnerability Database - Sat, 02/03/2018 - 20:29
Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.

CVE-2018-6606

National Vulnerability Database - Sat, 02/03/2018 - 20:29
An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by sending IOCTL 0x80002010 and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges.

CVE-2018-6596

National Vulnerability Database - Sat, 02/03/2018 - 16:29
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.

CVE-2018-6593

National Vulnerability Database - Sat, 02/03/2018 - 13:29
An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by connecting to the filter communication port and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges.

CVE-2018-1184

National Vulnerability Database - Sat, 02/03/2018 - 11:29
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.

CVE-2018-1185

National Vulnerability Database - Sat, 02/03/2018 - 11:29
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

CVE-2009-5144

National Vulnerability Database - Sat, 02/03/2018 - 10:29
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.
