Security Advisory 0034
Security Advisory 0034. Date: May 2nd, 2018. Version: 1.0. Revision history: 1.0, May 2nd, 2018, Initial Release. Affected Platforms: All EOS platforms. Affected Software Version: 4.20.1FX-Virtual-Router. The CVE-ID tracking this issue is CVE-2017-18017. CVSS v3: 9.8...
CVE-2017-7652
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available default limit...
Cloud Credentials: New Attack Surface for Old Problem
SAN FRANCISCO – Credential theft and abuse have long been a nagging problem for local network administrators. The threat surface ranges from pretexting scams to insiders who abuse network privileges in order to grant themselves higher permissions than otherwise assigned. Here at RSA Conference,...
Roblox: Subdomain Takeover to Authentication bypass
Vulnerability Type: ----------- Subdomain Takeover Description: ----------- Due to an unclaimed or expired HubSpot instance, an attacker is able to claim and serve content from devrel.roblox.com and perform different kinds of attacks, which I shared in the impact section. Affected Area: -----------...
IBM DB2 and DB2 Connect Server File Overwrite Vulnerability
IBM DB2 and DB2 Connect Server are both database products from IBM Corporation, U.S.A. DB2 is a relational database management system for large-scale application environments. DB2 Connect Server is a mainframe database system that connects desktop and mobile palm-top applications to mainframes and...
New Relic: Drupal admin takeover via install.php not being performed prior to install.
@grampae discovered an uninitialized Drupal instance running on one of our properties being hosted by a third party provider, an issue we've seen previously. To prevent this issue from surfacing again, we decommissioned the related domains and contacted the provider with details of the issue...
CVE-2017-0920
CVE-2017-0920 affects GitLab CE/EE before 10.1.6, 10.2.6, and 10.3.4. The root cause is an authorization bypass in the Projects::MergeRequests::CreationsController, allowing an attacker to view the name of every project and its namespace on the GitLab instance. The impact is information disclosur...
Honeypot strategy is no longer effectively preventing spam account signup
Fix: From 3.9.5 onwards we have turned off the honeypot in favour of using CAPTCHA; anyone affected by this issue just needs to switch the CAPTCHA on...
Oracle Database Server Multiple Unspecified Vulnerabilities-01 (Mar 2018)
Oracle Database Server is prone to multiple unspecified security vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Elastic Logstash 'CVE-2016-10363' DoS Vulnerability
Elastic Logstash is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Cisco Virtualized Packet Core-Distributed Instance Software Denial of Service Vulnerability
Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software is a productized version of Cisco's StarOS software that is deployed on a dedicated hardware platform. The Cisco StarOS operating system is one of the virtualization operating systems. A denial of service...
SAP NetWeaver Instance Agent Service Denial of Service Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A denial of service vulnerability exists in SAP NetWeaver Instance Agent Service. An attacker could cause a deni...
CVE-2018-6488 MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution...
Unable to See All Virtual Servers Present on an Instance Using NetScaler MAS
Unable to see all the virtual servers that are present on an instance using NetScaler MAS...
CVE-2018-0117
A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service Do...
Fedora 27 : php (2018-d034538627)
PHP version 7.1.13 04 Jan 2018 Core: - Fixed bug php75573 Segmentation fault in 7.1.12 and 7.0.26. Laruence - Fixed bug php75384 PHP seems incompatible with OneDrive files on demand. Anatol - Fixed bug php74862 Unable to clone instance when private clone defined. Daniel Ciochiu - Fixed bug php750...
Fedora 26 : php (2018-c4e9207c31)
PHP version 7.1.13 04 Jan 2018 Core: - Fixed bug php75573 Segmentation fault in 7.1.12 and 7.0.26. Laruence - Fixed bug php75384 PHP seems incompatible with OneDrive files on demand. Anatol - Fixed bug php74862 Unable to clone instance when private clone defined. Daniel Ciochiu - Fixed bug php750...