Monthly Archive: August 2018

A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs...

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. Date published :...

A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. Date published : 2018-08-01 http://www.securityfocus.com/bid/94106 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

The ‘globbing’ feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. Date published : 2018-08-01 http://www.securityfocus.com/bid/94102 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. Date published : 2018-08-01 http://www.securityfocus.com/bid/94100 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused...

A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can...

It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user’s session. This...

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to...

Out-of-bounds read condition in older versions of some Intel Graphics Driver for Windows code branches allows local users to perform a denial of service attack. Date published : 2018-08-01 http://www.securityfocus.com/bid/104957 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00077.html

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35...

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in...

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting...

A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can...