News aggregator

CVE-2017-1233

National Vulnerability Database - Wed, 01/31/2018 - 10:29
IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912.
Categories: Security News

CVE-2017-1773

National Vulnerability Database - Wed, 01/31/2018 - 10:29
IBM DataPower Gateways 7.1, 7.2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.

CVE-2017-1000411

National Vulnerability Database - Wed, 01/31/2018 - 09:29
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of the CONFIG DATASTORE, which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the OpenFlow Plugin REST API, the expired flows will eventually crash the controller once the resource allocations set by the JVM size are exceeded. Although the installed flows (with a timeout set) are removed from the network (and thus also from the controller's operational DS), the expired entries are still present in the CONFIG DS. The attack can originate from either NORTH or SOUTH. The above description is for a north-bound attack. A south-bound attack can originate when an attacker attempts a flow flooding attack; since the flows come with timeouts, that attack is not successful. However, the attacker will now succeed in a CONTROLLER overflow attack (resource consumption). Although the network (actual flow tables) and the operational DS are only (~)1% occupied, the controller's resource consumption still grows. This happens because the installed flows get removed from the network upon timeout.

CVE-2017-15698

National Vulnerability Database - Wed, 01/31/2018 - 09:29
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.

CVE-2017-15706

National Vulnerability Database - Wed, 01/31/2018 - 09:29
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.

CVE-2017-16858

National Vulnerability Database - Wed, 01/31/2018 - 09:29
The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given the following situation: the Crowd application is bound to directory 1 and has a user called admin, and the Google Apps application is bound to directory 2, which also has a user called admin; it was then possible to authenticate REST requests using the credentials of the user coming from directory 2 and impersonate the user from directory 1.

CVE-2018-1000001

National Vulnerability Database - Wed, 01/31/2018 - 09:29
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath(), which can be used to write before the destination buffer, leading to a buffer underflow and potential code execution.

Bugtraq: SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433

SecurityFocus Vulnerabilities - Wed, 01/31/2018 - 03:20
SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433

Bugtraq: [SECURITY] [DSA 4094-2] smarty3 security update

SecurityFocus Vulnerabilities - Wed, 01/31/2018 - 03:20
[SECURITY] [DSA 4094-2] smarty3 security update

Bugtraq: Defense in depth -- the Microsoft way (part 49): fun with application manifests

SecurityFocus Vulnerabilities - Wed, 01/31/2018 - 03:20
Defense in depth -- the Microsoft way (part 49): fun with application manifests

CVE-2018-6412

National Vulnerability Database - Wed, 01/31/2018 - 02:29
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.

Vuln: Cisco Adaptive Security Appliance CVE-2018-0101 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Wed, 01/31/2018 - 00:00
Cisco Adaptive Security Appliance CVE-2018-0101 Remote Code Execution Vulnerability

CVE-2018-6405

National Vulnerability Database - Tue, 01/30/2018 - 16:29
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.

CVE-2018-6406

National Vulnerability Database - Tue, 01/30/2018 - 16:29
The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact.

CVE-2018-6407

National Vulnerability Database - Tue, 01/30/2018 - 16:29
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device.

CVE-2018-6408

National Vulnerability Database - Tue, 01/30/2018 - 16:29
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account.

CVE-2011-2902

National Vulnerability Database - Tue, 01/30/2018 - 15:29
zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.

CVE-2016-6598

National Vulnerability Database - Tue, 01/30/2018 - 15:29
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM.

CVE-2016-6599

National Vulnerability Database - Tue, 01/30/2018 - 15:29
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments.

CVE-2018-5441

National Vulnerability Database - Tue, 01/30/2018 - 15:29
An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.