Security News

Vuln: GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Thu, 12/20/2018 - 00:00
GIMP CVE-2017-17786 Heap Buffer Overflow Vulnerability
Categories: Security News

Vuln: Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Sat, 12/15/2018 - 00:00
Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
Categories: Security News

Vuln: FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Fri, 11/02/2018 - 00:00
FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
Categories: Security News

CVE-2018-18581

National Vulnerability Database - 5 hours 9 min ago
An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer over-read in internalPrintf in miniz/lupng.c.
Categories: Security News

CVE-2018-18582

National Vulnerability Database - 5 hours 9 min ago
An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByte in miniz/lupng.c during a write operation for data obtained from a palette.
Categories: Security News

CVE-2018-18583

National Vulnerability Database - 5 hours 9 min ago
An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer overflow in insertByte in miniz/lupng.c during a write operation for data obtained from a swap.
Categories: Security News

CVE-2018-18578

National Vulnerability Database - 6 hours 9 min ago
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.
Categories: Security News

CVE-2018-18579

National Vulnerability Database - 6 hours 9 min ago
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.
Categories: Security News

CVE-2018-13114

National Vulnerability Database - 7 hours 9 min ago
Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command.
Categories: Security News

CVE-2018-13115

National Vulnerability Database - 7 hours 9 min ago
Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user.
Categories: Security News

CVE-2018-12246

National Vulnerability Database - 8 hours 9 min ago
Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine.
Categories: Security News

CVE-2018-15703

National Vulnerability Database - 8 hours 9 min ago
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.
Categories: Security News

CVE-2018-15704

National Vulnerability Database - 8 hours 9 min ago
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.
Categories: Security News

CVE-2018-18557

National Vulnerability Database - 11 hours 9 min ago
LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
Categories: Security News

CVE-2018-18559

National Vulnerability Database - 11 hours 9 min ago
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.
Categories: Security News

CVE-2018-1850

National Vulnerability Database - 15 hours 9 min ago
IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.
Categories: Security News

Vuln: Splunk Multiple Local Privilege Escalation Vulnerabilities

SecurityFocus Vulnerabilities - 23 hours 38 min ago
Splunk Multiple Local Privilege Escalation Vulnerabilities
Categories: Security News

Vuln: Libssh CVE-2018-10933 Authentication Bypass Vulnerability

SecurityFocus Vulnerabilities - 23 hours 38 min ago
Libssh CVE-2018-10933 Authentication Bypass Vulnerability
Categories: Security News

CVE-2018-18553

National Vulnerability Database - Sun, 10/21/2018 - 21:29
Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page.
Categories: Security News

CVE-2018-18550

National Vulnerability Database - Sun, 10/21/2018 - 19:29
ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user.
Categories: Security News

Pages