Tuesday, May 21, 2019

Weekly Update: a new vulnerability is published on the National Vulnerability Database (31 items)

New vulnerabilities from the NVD: CVE-2018-20818

A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact.
Published at: April 22, 2019 at 02:29PM

April 22, 2019 at 07:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-1587

The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store, potentially using system resources without permission from the legitimate administrator of the system.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2016-1586

A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2016-1585

In all versions of AppArmor, mount rules are accidentally widened when compiled.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2016-1584

In all versions of Unity8, a running but not active application on a large-screen device could talk with Maliit and consume keyboard input.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2016-1579

UDM provides support for running commands after a download is completed; this is currently used for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1, any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2016-1573

In versions of Unity8 before 8.11+16.04.20160122-0ubuntu1, the file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2015-1343

All versions of unity-scope-gdrive log search terms to syslog.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2015-1341

In Apport before 2.19.2, the function _python_module_path allows any Python module in sys.path to be imported if the command line of the process triggering the coredump is Python and the first argument is -m.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2015-1340

In LXD before version 0.19-0ubuntu5, doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2015-1327

The DBUS API of Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 only requires a file path for a content item; it doesn't actually require that the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd, which would then send a copy of that file to another app.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2015-1326

In python-dbusmock before version 0.15.1, the AddTemplate() D-Bus method call or the DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2015-1320

The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2015-1316

Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2014-1428

A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2014-1427

A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2014-1426

A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects Ubuntu MAAS versions prior to 1.9.2.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2011-3151

The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections, then an attacker can cause a zero byte file to be allocated on any writable filesystem.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2011-3147

Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2011-3145

When mount.ecryptfs_private before version 87-0ubuntu1.2 calls setreuid(), it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2011-1830

Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.
Published at: April 22, 2019 at 07:29PM

April 22, 2019 at 09:35PM



New vulnerabilities from the NVD: CVE-2013-7470

cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310.
Published at: April 23, 2019 at 06:29AM

April 23, 2019 at 09:34AM



New vulnerabilities from the NVD: CVE-2018-1317

In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.
Published at: April 23, 2019 at 06:29PM

April 23, 2019 at 09:14PM



New vulnerabilities from the NVD: CVE-2017-12619

Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
Published at: April 23, 2019 at 06:29PM

April 23, 2019 at 09:14PM



New vulnerabilities from the NVD: CVE-2018-13443

EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted wast file.
Published at: April 24, 2019 at 06:29PM

April 24, 2019 at 09:14PM



New vulnerabilities from the NVD: CVE-2018-10055

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.
Published at: April 24, 2019 at 08:29PM

April 24, 2019 at 11:14PM



New vulnerabilities from the NVD: CVE-2017-18367

libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.
Published at: April 25, 2019 at 12:29AM

April 25, 2019 at 03:13AM



New vulnerabilities from the NVD: CVE-2017-16558

Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
Published at: April 25, 2019 at 08:29PM

April 25, 2019 at 11:13PM



New vulnerabilities from the NVD: CVE-2018-1360

A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man-in-the-middle position to retrieve the admin password via intercepting REST API JSON responses.
Published at: April 25, 2019 at 09:29PM

April 26, 2019 at 01:13AM



New vulnerabilities from the NVD: CVE-2018-12244

SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.
Published at: April 25, 2019 at 10:29PM

April 26, 2019 at 01:13AM



New vulnerabilities from the NVD: CVE-2015-9284

The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.
Published at: April 26, 2019 at 06:29PM

April 26, 2019 at 09:04PM
