Security News

CVE-2018-1000100

National Vulnerability Database - Tue, 03/06/2018 - 12:29
GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE.
Categories: Security News

CVE-2018-1000101

National Vulnerability Database - Tue, 03/06/2018 - 12:29
Mingw-w64 version 5.0.3 and earlier contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage, worst case: network.
Categories: Security News

CVE-2018-7722

National Vulnerability Database - Tue, 03/06/2018 - 12:29
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.
Categories: Security News

CVE-2018-7723

National Vulnerability Database - Tue, 03/06/2018 - 12:29
The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible.
Categories: Security News

CVE-2018-7724

National Vulnerability Database - Tue, 03/06/2018 - 12:29
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible.
Categories: Security News

CVE-2018-7725

National Vulnerability Database - Tue, 03/06/2018 - 12:29
An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.
Categories: Security News

CVE-2018-7726

National Vulnerability Database - Tue, 03/06/2018 - 12:29
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
Categories: Security News

CVE-2018-7727

National Vulnerability Database - Tue, 03/06/2018 - 12:29
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.
Categories: Security News

CVE-2017-6280

National Vulnerability Database - Tue, 03/06/2018 - 11:29
NIVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980.
Categories: Security News

CVE-2017-6282

National Vulnerability Database - Tue, 03/06/2018 - 11:29
NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This issue is rated as high.
Categories: Security News

CVE-2017-6283

National Vulnerability Database - Tue, 03/06/2018 - 11:29
NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high.
Categories: Security News

CVE-2017-6284

National Vulnerability Database - Tue, 03/06/2018 - 11:29
NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate.
Categories: Security News

CVE-2017-6295

National Vulnerability Database - Tue, 03/06/2018 - 11:29
NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is rated as high.
Categories: Security News

CVE-2017-6296

National Vulnerability Database - Tue, 03/06/2018 - 11:29
NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.
Categories: Security News

CVE-2017-9783

National Vulnerability Database - Tue, 03/06/2018 - 11:29
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated.
Categories: Security News

CVE-2017-9786

National Vulnerability Database - Tue, 03/06/2018 - 11:29
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and actions-log.php.
Categories: Security News

CVE-2018-1062

National Vulnerability Database - Tue, 03/06/2018 - 10:29
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.
Categories: Security News

CVE-2018-7307

National Vulnerability Database - Tue, 03/06/2018 - 10:29
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
Categories: Security News

CVE-2018-7650

National Vulnerability Database - Tue, 03/06/2018 - 10:29
PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user's browser. This is different from CVE-2018-6878.
Categories: Security News

Bugtraq: [SECURITY] [DSA 4132-1] libvpx security update

SecurityFocus Vulnerabilities - Tue, 03/06/2018 - 07:20
[SECURITY] [DSA 4132-1] libvpx security update
Categories: Security News

Pages