Monthly Archive: February 2019

V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a...

Untrusted search path vulnerability in the installer of LHMelting (LHMelting for Win32 Ver 1.65.3.6 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Date published :...

Untrusted search path vulnerability in the installer of UNARJ32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Date published :...

Untrusted search path vulnerability in the installer of UNLHA32.DLL (UNLHA32.DLL for Win32 Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Date published :...

Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors. Date published : 2019-02-13 http://jvn.jp/en/jp/JVN98505783/index.html

License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 – R6.06.00), CENTUM VP Entry Class (R5.01.00 – R6.06.00), ProSafe-RS (R3.01.00 – R4.04.00), PRM (R4.01.00 – R4.02.00), B/M9000 VP(R7.01.01 – R8.02.03)) allows remote attackers to...

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file...

Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware. Date published : 2019-02-13 http://www.securityfocus.com/bid/107217 https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102889

Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks. Date published : 2019-02-12 https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522 https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215

ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulnerability which allows attackers to cause a Denial of Service (DoS). Date published : 2019-02-12 https://security.netapp.com/advisory/ntap-20190125-0003/

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user’s password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. Date published : 2019-02-12 https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919 https://bugzilla.gnome.org/show_bug.cgi?id=781486

In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the...

An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. Date published : 2019-02-12 http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm

When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array. Date published :...