Monthly Archive: May 2018

Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be...

Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to...

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file...

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an...

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image...

In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. Date published : 2018-05-18 http://www.securityfocus.com/bid/104254 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans...

interfacesuperedit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter. Date published : 2018-05-18 https://github.com/openemr/openemr/commit/2a5dd0601e1f616251006d7471997ecd7aaf9651 https://github.com/openemr/openemr/pull/1578

In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions,...

Medtronic N’Vision Clinician Programmer 8840 N’Vision Clinician Programmer, all versions, and 8870 N’Vision removable Application Card, all versions does not encrypt PII and PHI while at rest. Date published : 2018-05-18 http://www.securityfocus.com/bid/104213 http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf

In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software...

totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack. Date published : 2018-05-18 http://www.securityfocus.com/archive/1/542016/100/0/threaded http://packetstormsecurity.com/files/147637/Totemomail-Encryption-Gateway-6.0.0_Build_371-JSONP-Hijacking.html

CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to...

In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change. Date published :...