Security News

CVE-2018-19756

National Vulnerability Database - Thu, 11/29/2018 - 22:29
There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.
Categories: Security News

CVE-2018-19757

National Vulnerability Database - Thu, 11/29/2018 - 22:29
There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.

CVE-2018-19758

National Vulnerability Database - Thu, 11/29/2018 - 22:29
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.

CVE-2018-19759

National Vulnerability Database - Thu, 11/29/2018 - 22:29
There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.

CVE-2018-19760

National Vulnerability Database - Thu, 11/29/2018 - 22:29
cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.

CVE-2018-19761

National Vulnerability Database - Thu, 11/29/2018 - 22:29
There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service.

CVE-2018-19762

National Vulnerability Database - Thu, 11/29/2018 - 22:29
There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.

CVE-2018-19763

National Vulnerability Database - Thu, 11/29/2018 - 22:29
There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.

Bugtraq: [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2

SecurityFocus Vulnerabilities - Thu, 11/29/2018 - 21:20

CVE-2018-19497

National Vulnerability Database - Thu, 11/29/2018 - 18:29
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).

CVE-2018-19527

National Vulnerability Database - Thu, 11/29/2018 - 18:29
i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings.

CVE-2018-18619

National Vulnerability Database - Thu, 11/29/2018 - 17:29
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.

CVE-2018-19749

National Vulnerability Database - Thu, 11/29/2018 - 17:29
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.

CVE-2018-19750

National Vulnerability Database - Thu, 11/29/2018 - 17:29
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.

CVE-2018-19751

National Vulnerability Database - Thu, 11/29/2018 - 17:29
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.

CVE-2018-19752

National Vulnerability Database - Thu, 11/29/2018 - 17:29
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.

CVE-2018-15537

National Vulnerability Database - Thu, 11/29/2018 - 16:29
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.

CVE-2018-19120

National Vulnerability Database - Thu, 11/29/2018 - 16:29
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.

CVE-2018-19748

National Vulnerability Database - Thu, 11/29/2018 - 16:29
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector).

CVE-2018-15978

National Vulnerability Database - Thu, 11/29/2018 - 15:29
Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
