Security News

CVE-2018-15546

National Vulnerability Database - Tue, 09/18/2018 - 17:29
Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file.
Categories: Security News

CVE-2018-16225

National Vulnerability Database - Tue, 09/18/2018 - 17:29
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker being able to reuse cookies to bypass authentication and disable the camera.
Categories: Security News

CVE-2018-16669

National Vulnerability Database - Tue, 09/18/2018 - 16:29
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.
Categories: Security News

CVE-2018-16670

National Vulnerability Database - Tue, 09/18/2018 - 16:29
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
Categories: Security News

CVE-2018-16671

National Vulnerability Database - Tue, 09/18/2018 - 16:29
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
Categories: Security News

CVE-2017-6913

National Vulnerability Database - Tue, 09/18/2018 - 16:29
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag.
Categories: Security News

CVE-2018-16668

National Vulnerability Database - Tue, 09/18/2018 - 16:29
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
Categories: Security News

CVE-2018-17177

National Vulnerability Database - Tue, 09/18/2018 - 14:29
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary.
Categories: Security News

CVE-2018-17178

National Vulnerability Database - Tue, 09/18/2018 - 14:29
An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything.
Categories: Security News

CVE-2018-11869

National Vulnerability Database - Tue, 09/18/2018 - 14:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler.
Categories: Security News

CVE-2018-17176

National Vulnerability Database - Tue, 09/18/2018 - 14:29
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.
Categories: Security News

CVE-2018-11852

National Vulnerability Database - Tue, 09/18/2018 - 14:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write.
Categories: Security News

CVE-2018-11860

National Vulnerability Database - Tue, 09/18/2018 - 14:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow could occur while processing the ndp event due to lack of check on the message length.
Categories: Security News

CVE-2018-11863

National Vulnerability Database - Tue, 09/18/2018 - 14:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy.
Categories: Security News

CVE-2018-11868

National Vulnerability Database - Tue, 09/18/2018 - 14:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler.
Categories: Security News

CVE-2018-11836

National Vulnerability Database - Tue, 09/18/2018 - 14:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function.
Categories: Security News

CVE-2018-11840

National Vulnerability Database - Tue, 09/18/2018 - 14:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.
Categories: Security News

CVE-2018-11842

National Vulnerability Database - Tue, 09/18/2018 - 14:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory. In case the mem allocation fails driver does a mem free though the memory was not allocated.
Categories: Security News

CVE-2018-11843

National Vulnerability Database - Tue, 09/18/2018 - 14:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value in WMA response handler can lead to potential use after free.
Categories: Security News

CVE-2018-11851

National Vulnerability Database - Tue, 09/18/2018 - 14:29
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack.
Categories: Security News

Pages