Security News

CVE-2018-7726

National Vulnerability Database - Tue, 03/06/2018 - 12:29
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
Categories: Security News

CVE-2018-7727

National Vulnerability Database - Tue, 03/06/2018 - 12:29
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.

CVE-2017-6280

National Vulnerability Database - Tue, 03/06/2018 - 11:29
NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980.

CVE-2017-6282

National Vulnerability Database - Tue, 03/06/2018 - 11:29
NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This issue is rated as high.

CVE-2017-6283

National Vulnerability Database - Tue, 03/06/2018 - 11:29
NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high.

CVE-2017-6284

National Vulnerability Database - Tue, 03/06/2018 - 11:29
NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and stores or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data, which may lead to information disclosure. This issue is rated as moderate.

CVE-2017-6295

National Vulnerability Database - Tue, 03/06/2018 - 11:29
NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is rated as high.

CVE-2017-6296

National Vulnerability Database - Tue, 03/06/2018 - 11:29
NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.

CVE-2017-9783

National Vulnerability Database - Tue, 03/06/2018 - 11:29
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated.

CVE-2017-9786

National Vulnerability Database - Tue, 03/06/2018 - 11:29
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and actions-log.php.

CVE-2018-1062

National Vulnerability Database - Tue, 03/06/2018 - 10:29
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.

CVE-2018-7307

National Vulnerability Database - Tue, 03/06/2018 - 10:29
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.

CVE-2018-7650

National Vulnerability Database - Tue, 03/06/2018 - 10:29
PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user's browser. This is different from CVE-2018-6878.

Bugtraq: [SECURITY] [DSA 4132-1] libvpx security update

SecurityFocus Vulnerabilities - Tue, 03/06/2018 - 07:20
[SECURITY] [DSA 4132-1] libvpx security update

Bugtraq: [SECURITY] [DSA 4131-1] xen security update

SecurityFocus Vulnerabilities - Tue, 03/06/2018 - 07:20
[SECURITY] [DSA 4131-1] xen security update

Bugtraq: [SECURITY] [DSA 4120-2] linux regression update

SecurityFocus Vulnerabilities - Tue, 03/06/2018 - 07:20
[SECURITY] [DSA 4120-2] linux regression update

Bugtraq: [SECURITY] [DSA 4130-1] dovecot security update

SecurityFocus Vulnerabilities - Tue, 03/06/2018 - 07:20
[SECURITY] [DSA 4130-1] dovecot security update

CVE-2018-7712

National Vulnerability Database - Mon, 03/05/2018 - 18:29
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.height <= (1<<20)) may be false.

CVE-2018-7713

National Vulnerability Database - Mon, 03/05/2018 - 18:29
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (size.width <= (1<<20)) may be false.

CVE-2018-7714

National Vulnerability Database - Mon, 03/05/2018 - 18:29
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service (assertion failure) because (pixels <= (1<<30)) may be false.
