Archive | Security Bulletins

CVE-2018-14623

A SQL injection flaw was found in Katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which leaks internal IDs. This issue stems from an incomplete fix for CVE-2016-3072. Versions 3.10 and older are vulnerable.


CVE-2018-18096

Improper memory handling in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access.


CVE-2018-18093

Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow an unprivileged user to potentially gain privileged access via local access.


Bombstortion?? Boomstortion?? (Fri, Dec 14th)

First sextortion, now bombstortion? Today we have received a couple of reports of a new email-based extortion message being delivered to email boxes. In clumsy English, the message threatens that a bomb has been planted in your building, and if you don’t pay 20000 in bitcoin, approximately $6.5 million USD, by the end of the […]


CVE-2018-12076

A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer’s MarketCard balance, and also could lead to Customer Information Disclosure. The vulnerability is due to lack of proper validation of the UPC bar code present on the MarketCard. An attacker could […]


CVE-2018-19364

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.


CVE-2018-19439

XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.


CVE-2018-18923

AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.


CVE-2018-19118

Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the ‘Domain Name’ field when adding a new domain.


CVE-2018-18922

add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.
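The two Ticketly 1.0 advisories above (CVE-2018-18923, the injectable parameters in action/addproject.php, and CVE-2018-18922, the unauthenticated account creation in action/add_user.php) describe a common pairing: a string-built query that a stacked statement can hijack, and a privileged handler with no authorization check. The following is an added illustration written for this page, not AbiSoft's code; only the parameter names name, category_id and description come from the advisory, and the schema, handlers, session shape and in-memory SQLite backend are assumptions chosen so it runs offline.

```python
import sqlite3

# Constructed illustration of the two Ticketly 1.0 advisories (CVE-2018-18923,
# CVE-2018-18922). Nothing here is AbiSoft's code; the schema, session dict and
# handler names are assumptions made for the example.


def make_db():
    """In-memory schema standing in for the ticketing application's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE projects (id INTEGER PRIMARY KEY, name TEXT,
                               category_id INTEGER, description TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
                            is_admin INTEGER NOT NULL DEFAULT 0);
        INSERT INTO users (username, is_admin) VALUES ('alice', 1), ('bob', 0);
    """)
    return conn


def is_admin(conn, username):
    row = conn.execute("SELECT is_admin FROM users WHERE username = ?",
                       (username,)).fetchone()
    return bool(row and row[0])


# --- CVE-2018-18923 pattern: addproject.php parameters interpolated into SQL ---

def add_project_vulnerable(conn, form):
    """Builds the INSERT by string formatting and runs it through a
    multi-statement API, so a crafted category_id can close the statement
    and append its own (stacked-query injection)."""
    sql = ("INSERT INTO projects (name, category_id, description) "
           "VALUES ('%s', %s, '%s');"
           % (form["name"], form["category_id"], form["description"]))
    conn.executescript(sql)


def add_project_hardened(conn, form):
    """Same operation with a typed integer and bound parameters: the input
    can only ever be data, never SQL."""
    try:
        category_id = int(form["category_id"])
    except (TypeError, ValueError):
        raise ValueError("category_id must be an integer")
    conn.execute("INSERT INTO projects (name, category_id, description) "
                 "VALUES (?, ?, ?)",
                 (form["name"], category_id, form["description"]))
    conn.commit()


# --- CVE-2018-18922 pattern: add_user.php with no authorization check ---

def add_user_vulnerable(conn, session, form):
    """Honours a caller-supplied is_admin flag regardless of who (if anyone)
    is logged in."""
    conn.execute("INSERT INTO users (username, is_admin) VALUES (?, ?)",
                 (form["username"], int(form.get("is_admin", 0))))
    conn.commit()


def add_user_hardened(conn, session, form):
    """Requires an authenticated administrator before any account is created;
    the role is still taken from the form, but only an admin may set it."""
    if not session.get("user") or not is_admin(conn, session["user"]):
        raise PermissionError("administrator session required")
    role = 1 if form.get("is_admin") == "1" else 0
    conn.execute("INSERT INTO users (username, is_admin) VALUES (?, ?)",
                 (form["username"], role))
    conn.commit()


def demo():
    """Runs the injection and the anonymous admin creation against the
    vulnerable handlers, then shows the hardened ones refusing the same input."""
    # Stacked-statement payload in category_id: closes the INSERT, promotes bob,
    # and comments out the remainder of the original statement.
    evil = {"name": "x",
            "category_id": "1, 'x'); UPDATE users SET is_admin = 1 "
                           "WHERE username = 'bob'; --",
            "description": "y"}
    conn = make_db()
    add_project_vulnerable(conn, evil)
    promoted = is_admin(conn, "bob")              # injection succeeded

    conn = make_db()
    try:
        add_project_hardened(conn, evil)
        rejected = False
    except ValueError:
        rejected = True
    bob_still_user = not is_admin(conn, "bob")

    anon = {}                                     # no logged-in user at all
    add_user_vulnerable(conn, anon, {"username": "mallory", "is_admin": "1"})
    mallory_admin = is_admin(conn, "mallory")
    try:
        add_user_hardened(conn, anon, {"username": "eve", "is_admin": "1"})
        blocked = False
    except PermissionError:
        blocked = True
    add_user_hardened(conn, {"user": "alice"}, {"username": "carol"})
    carol_plain_user = (not is_admin(conn, "carol")) and \
        conn.execute("SELECT COUNT(*) FROM users WHERE username='carol'").fetchone()[0] == 1

    return {"promoted": promoted, "rejected": rejected,
            "bob_still_user": bob_still_user, "mallory_admin": mallory_admin,
            "blocked": blocked, "carol_plain_user": carol_plain_user}


if __name__ == "__main__":
    print(demo())
```

The vulnerable project handler deliberately uses a multi-statement execution path, the equivalent of a PHP application calling a multi-query API, because that is what turns a data-leaking injection into an account takeover; with single-statement execution the same payload would only corrupt the row. The hardened user handler checks the session against the database rather than trusting a flag in the request, which is the check the add_user.php advisory implies is missing.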
