5308 matches found
Wireshark Security Updates (wnpa-sec-2019-01) - Mac OS X
Wireshark is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...
FasterXML Jackson Input Validation Error Vulnerability
FasterXML Jackson is a Java data processing tool from the U.S. company FasterXML. An input validation error vulnerability exists in FasterXML Jackson. An attacker could exploit this vulnerability to cause a denial of service...
The vulnerability of the SVG vector graphics rendering library, librsvg, related to a data input validation error, allows attackers to trigger a service failure.
The vulnerability of the SVG vector graphics rendering library is related to an error in data input validation. This error may allow a hacker to intercept the Windows user’s password and NTLM credentials via the SMB protocol. Exploiting this vulnerability could enable a remote attacker to gain...
RHEL 7 : atomic-openshift (RHSA-2016:1427)
An update for atomic-openshift is now available for Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
OMRON CX-One SBA File Parsing Buffer Overflow (CVE-2018-7514)
A heap-based overflow exists in OMRON CX-One SBA File Parsing. The vulnerability is due to an input validation error when processing the SBA configuration file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Privilege Escalation
cloudfoundry-identity-server is vulnerable to privilege escalation attacks. The vulnerability exists due to an error in validation, allowing an authenticated user to gain an OAuth token with arbitrary scopes by modifying the url and content of the consent page...
CVE-2018-15761
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their...
CVE-2018-15761 UAA Privilege Escalation
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their...
CVE-2018-9347
In function SMFParseMetaEvent of file eassmf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...
WordPress Plugin 'WP GDPR Compliance' < 1.4.3 Privilege Escalation
The WordPress application running on the remote host has a version of the 'WP GDPR Compliance' plugin that is prior to 1.4.3 and, thus, is affected by a user-input validation error that can allow privilege escalation attacks. Such attacks allow, among other actions, creation of new...
CVE-2018-15761: UAA Privilege Escalation | Cloud Foundry
Severity: Critical. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: You are using uaa-release versions prior to v64.0; you are using uaa versions prior to 4.23.0. Description: Cloud Foundry UAA, release versions prior to v64.0, contains a validation error which allows for...
Laquis SCADA aq Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within aq.exe. The issue...
Intel NUC FW kits input validation error vulnerability
Intel NUC FW kits is a mini-desktop from Intel Corporation, USA. BIOS update utility is one of the BIOS update utilities. An input validation error vulnerability exists in Intel NUC FW kits. An attacker could exploit this vulnerability to cause a denial of service or information disclosure...
Microsoft Windows Multiple Vulnerabilities (KB4464330)
This host is missing a critical security update according to Microsoft KB4464330. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-5400 The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices, resulting in an origin validation error
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast...
OMRON CX-One CX-FLnet Type Heap-based Buffer Overflow (CVE-2018-8834)
A heap-based overflow exists in the OMRON CX-One CX-FLnet module. The vulnerability is due to an input validation error when processing the Type parameter of the FLN configuration file...
Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App
Overview: Auto-Maskin RP remote panels and DCU control units are used to monitor and control ship engines. The units have several authentication and encryption vulnerabilities which can allow attackers to access the units and control connected engines. Description: CWE-798: Use of Hard-Coded...
ABB Panel Builder 800 Stack-based Buffer Overflow (CVE-2018-10616)
A stack-based buffer overflow exists in ABB Panel Builder. The vulnerability is due to an input validation error while processing a parameter for the ABB Comli OPC driver setting...
Web Servers Code Execution Over HTTP Request Parameters (CVE-2017-17055)
A cross-site scripting vulnerability exists on different web servers. The vulnerability is due to an input validation error in the parameters in the request URL. Successful exploitation allows unauthenticated remote attackers to disclose or access arbitrary files on the vulnerable server...
CVE-2018-11087 TLS validation error
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...