[ASA-201807-13] networkmanager-vpnc: privilege escalation

Arch Linux Security Advisory ASA-201807-13 ========================================== Severity: High Date : 2018-07-20 CVE-ID : CVE-2018-10900 Package : networkmanager-vpnc Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-739 Summary ======= The package...

Adobe Acrobat Pro DC HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

ManageEngine Exchange Reporter Plus Remote Code Execution Vulnerability

ManageEngine Exchange Reporter Plus is a Web-based analysis and reporting solution for Microsoft Exchange Server. ManageEngine Exchange Reporter Plus =5310 has a remote code execution vulnerability in its implementation. The vulnerability stems from the Java servlet 'ADSHACluster' when executing...

Binance v1.5.0 - Insecure File Permission Vulnerability

Document Title: =============== Binance v1.5.0 - Insecure File Permission Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2135 Release Date: ============= 2018-07-16 Vulnerability Laboratory ID VL-ID: ====================================...

Security update for nodejs6 (moderate)

This update for nodejs6 to version 6.14.3 fixes the following issues: The following security vulnerability was addressed: - Fixed a denial of service DoS vulnerability in Buffer.fill, which could hang when being called CVE-2018-7167, bsc1097375. The following other changes were made: - Use absolu...

CVE-2016-9486

On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector...

Code injection

On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector...

CVE-2018-10631

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection...

Apache CouchDB - Arbitrary Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache CouchDB Arbitrary Command Execution', 'Description' = %q CouchDB administrative users can configure the database server via HTTPS. Some of...

Gaza Cybergang Returns With New Attacks On Palestinian Authority

Security researchers from Check Point Threat Intelligence Team have discovered the comeback of an APT advanced persistent threat surveillance group targeting institutions across the Middle East, specifically the Palestinian Authority. The attack, dubbed "Big Bang," begins with a phishing email se...

CVE-2018-13139

A stack-based buffer overflow in psfmemset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave...

SUSE-SU-2018:1892-1 Security update for nodejs6

This update for nodejs6 to version 6.14.3 fixes the following issues: The following security vulnerability was addressed: - Fixed a denial of service DoS vulnerability in Buffer.fill, which could hang when being called CVE-2018-7167, bsc1097375. The following other changes were made: - Use absolu...

Stack overflow

A stack-based buffer overflow in psfmemset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave...

CVE-2018-13139

A stack-based buffer overflow in psfmemset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave...

CVE-2018-13139

A stack-based buffer overflow in psfmemset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave...

CVE-2018-13139

A stack-based buffer overflow in psfmemset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave...

GNU Binutils Denial of Service Vulnerability (CNVD-2018-13846 )

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...

DEBIAN-CVE-2018-13033

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service excessive memory allocation and application crash via a crafted ELF file, as demonstrated by bfdelfparseattributes in elf-attrs.c and bfdmalloc in libbfd.c...

CVE-2018-13012

Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update...

Mozilla Firefox Code Execution Vulnerability (CNVD-2018-13891)

Mozilla Firefox and Firefox ESR are both browser products developed by the Mozilla Foundation in the U.S. Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A security vulnerability exists in Mozilla Firefox prior to version 61, Firefox ESR prior to...