Security News

CVE-2018-4889

National Vulnerability Database - Tue, 02/27/2018 - 00:29
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS image conversion. A successful attack can lead to sensitive data exposure.
Categories: Security News

CVE-2018-4890

National Vulnerability Database - Tue, 02/27/2018 - 00:29
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine, when handling JPEG data embedded within an XPS file. A successful attack can lead to code corruption, control-flow hijack, or an information leak attack.

Vuln: Linux Kernel 'fs/ocfs2/file.c' Local Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Tue, 02/27/2018 - 00:00

Vuln: Linux Kernel 'mm/oom_kill.c' Local Denial of Service Vulnerability

SecurityFocus Vulnerabilities - Tue, 02/27/2018 - 00:00

CVE-2017-11632

National Vulnerability Database - Mon, 02/26/2018 - 17:29
An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session.

CVE-2017-11633

National Vulnerability Database - Mon, 02/26/2018 - 17:29
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field.

CVE-2017-11634

National Vulnerability Database - Mon, 02/26/2018 - 17:29
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456.

CVE-2017-11635

National Vulnerability Database - Mon, 02/26/2018 - 17:29
An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card.

CVE-2017-16229

National Vulnerability Database - Mon, 02/26/2018 - 17:29
In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.

CVE-2017-16813

National Vulnerability Database - Mon, 02/26/2018 - 17:29
A denial-of-service issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs when a user uploads a file that includes a hexadecimal Unicode character in the "filename" parameter via Wi-Fi, since the app could fail to parse this.

CVE-2017-16814

National Vulnerability Database - Mon, 02/26/2018 - 17:29
A Directory Traversal issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs by abusing the URL + escape character during a Wi-Fi transfer, which could be exploited by attackers to bypass intended restrictions on local application files.

CVE-2018-0908

National Vulnerability Database - Mon, 02/26/2018 - 17:29
Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability."

CVE-2018-7490

National Vulnerability Database - Mon, 02/26/2018 - 17:29
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.

CVE-2018-7249

National Vulnerability Database - Mon, 02/26/2018 - 15:29
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel.

CVE-2018-7250

National Vulnerability Database - Mon, 02/26/2018 - 15:29
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data.

CVE-2018-7492

National Vulnerability Database - Mon, 02/26/2018 - 15:29
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.

CVE-2017-18195

National Vulnerability Database - Mon, 02/26/2018 - 12:29
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.

CVE-2018-7448

National Vulnerability Database - Mon, 02/26/2018 - 12:29
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.

CVE-2018-7491

National Vulnerability Database - Mon, 02/26/2018 - 12:29
In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor Content-Security-Policy "frame-ancestors" values.

CVE-2018-5762

National Vulnerability Database - Mon, 02/26/2018 - 10:29
The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.