Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2016-10152 — Hesiod_project Hesiod: The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9470 — Revive-adserver Revive_adserver: `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain. CVSSv3.1 9.0 (CRITICAL)
CVE-2016-9469 — Gitlab Gitlab: Multiple versions of GitLab expose a dangerous method to any authenticated user that could
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13 CVSSv3.1 8.2 (HIGH)
CVE-2016-9463 — Nextcloud Nextcloud_server: Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have CVSSv3.1 8.1 (HIGH)
CVE-2016-9456 — Revive-adserver Revive_adserver: Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF).
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed. CVSSv3.1 8.8 (HIGH)
CVE-2016-9455 — Revive-adserver Revive_adserver: Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF).
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`. CVSSv3.1 8.8 (HIGH)
CVE-2016-9127 — Revive-adserver Revive_adserver: Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF).
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed. CVSSv3.1 8.8 (HIGH)
CVE-2016-9125 — Revive-adserver Revive_adserver: Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9124 — Revive-adserver Revive_adserver: The login page of Revive Adserver is vulnerable to password-guessing attacks.
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems CVSSv3.1 9.8 (CRITICAL)
CVE-2016-9121 — Go-jose_project Go-jose: When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack. CVSSv3.1 9.1 (CRITICAL)
CVE-2017-1153 — Ibm Tririga_application_platform: TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563. CVSSv3.1 8.8 (HIGH)
CVE-2016-8960 — Ibm Cognos_business_intelligence: Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718. CVSSv3.1 8.8 (HIGH)
CVE-2017-7191 — Irssi Irssi: The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial
The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-6542 — Putty Putty: The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-6460 — Ntp Ntp: Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response. CVSSv3.1 8.8 (HIGH)
CVE-2017-6458 — Ntp Ntp: Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. CVSSv3.1 8.8 (HIGH)
CVE-2015-8764 — Freeradius Freeradius: Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. CVSSv3.1 8.1 (HIGH)
CVE-2015-8763 — Freeradius Freeradius: The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. CVSSv3.1 8.1 (HIGH)
CVE-2015-0864 — Samsung Galaxy_app: Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to
Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. CVSSv3.1 8.0 (HIGH)
CVE-2015-0863 — Samsung Galaxy_app: GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. CVSSv3.1 8.0 (HIGH)
CVE-2017-5931 — Qemu Qemu: Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow. CVSSv3.1 8.8 (HIGH)
CVE-2017-6957 — Broadcom Bcm4339_soc_firmware: Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the
Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156). CVSSv3.1 8.1 (HIGH)
CVE-2017-6069 — Intelliants Subrion_cms: Subrion CMS 4.0.5 has CSRF in admin/blog/add/.
Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. CVSSv3.1 8.8 (HIGH)
CVE-2017-6068 — Intelliants Subrion_cms: Subrion CMS 4.0.5 has CSRF in admin/blocks/add/.
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. CVSSv3.1 8.8 (HIGH)
CVE-2017-6066 — Intelliants Subrion_cms: Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/.
Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. CVSSv3.1 8.8 (HIGH)