New vulnerabilities from the NVD

CVE-2017-1749
IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522.
Published at: August 13, 2018 at 07:29PM
August 13, 2018 at 10:15PM via National Vulnerability Database

CVE-2017-15138
The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.
Published at: August 13, 2018 at 08:29PM
August 13, 2018 at 10:15PM via National Vulnerability Database

CVE-2017-1286
Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147.
Published at: August 13, 2018 at 07:29PM
August 13, 2018 at 10:15PM via National Vulnerability Database

CVE-2016-2922
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353.
Published at: August 13, 2018 at 07:29PM
August 13, 2018 at 10:15PM via National Vulnerability Database

CVE-2016-4975
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
Published at: August 14, 2018 at 03:29PM
August 14, 2018 at 06:15PM via National Vulnerability Database

CVE-2017-13108
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
Published at: August 16, 2018 at 01:29AM
August 16, 2018 at 04:15AM via National Vulnerability Database

CVE-2017-13107
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
Published at: August 16, 2018 at 01:29AM
August 16, 2018 at 04:15AM via National Vulnerability Database

CVE-2017-13106
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
Published at: August 16, 2018 at 01:29AM
August 16, 2018 at 04:15AM via National Vulnerability Database

CVE-2017-13105
Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker.
Published at: August 16, 2018 at 01:29AM
August 16, 2018 at 04:15AM via National Vulnerability Database

CVE-2017-13104
Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
Published at: August 16, 2018 at 01:29AM
August 16, 2018 at 04:15AM via National Vulnerability Database

CVE-2017-13103
Pinterest, 6.37, 2017-10-24, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
Published at: August 16, 2018 at 01:29AM
August 16, 2018 at 04:15AM via National Vulnerability Database

CVE-2017-13102
Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
Published at: August 16, 2018 at 01:29AM
August 16, 2018 at 04:15AM via National Vulnerability Database

CVE-2017-13101
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
Published at: August 16, 2018 at 01:29AM
August 16, 2018 at 04:15AM via National Vulnerability Database

CVE-2017-13100
DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
Published at: August 16, 2018 at 01:29AM
August 16, 2018 at 04:15AM via National Vulnerability Database

CVE-2016-9598
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.
Published at: August 16, 2018 at 11:29PM
August 17, 2018 at 02:51AM via National Vulnerability Database

CVE-2016-9596
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.
Published at: August 16, 2018 at 11:29PM
August 17, 2018 at 02:51AM via National Vulnerability Database

CVE-2017-1732
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913.
Published at: August 17, 2018 at 07:29PM
August 17, 2018 at 10:51PM via National Vulnerability Database