Security News

CVE-2017-13797

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Categories: Security News

CVE-2017-13798

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-13799

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2017-13800

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2017-13801

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search.

CVE-2017-13802

National Vulnerability Database - Sun, 11/12/2017 - 22:29
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-16796

National Vulnerability Database - Sun, 11/12/2017 - 13:29
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.

CVE-2017-16797

National Vulnerability Database - Sun, 11/12/2017 - 13:29
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file.

CVE-2017-16798

National Vulnerability Database - Sun, 11/12/2017 - 13:29
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg.

CVE-2017-16799

National Vulnerability Database - Sun, 11/12/2017 - 13:29
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.

CVE-2017-16793

National Vulnerability Database - Sun, 11/12/2017 - 00:29
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.

CVE-2017-16794

National Vulnerability Database - Sun, 11/12/2017 - 00:29
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf.

Vuln: Authconfig CVE-2017-7488 Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Sat, 11/11/2017 - 00:00
Authconfig CVE-2017-7488 Information Disclosure Vulnerability

Vuln: Linux Kernel CVE-2016-10200 Multiple Privilege Escalation Vulnerabilities

SecurityFocus Vulnerabilities - Sat, 11/11/2017 - 00:00
Linux Kernel CVE-2016-10200 Multiple Privilege Escalation Vulnerabilities

Vuln: Linux Kernel 'tty/tty_ldsem.c' Local Race Condition Vulnerability

SecurityFocus Vulnerabilities - Sat, 11/11/2017 - 00:00
Linux Kernel 'tty/tty_ldsem.c' Local Race Condition Vulnerability

Vuln: PostgreSQL Multiple Memory Corruption and Security Bypass Vulnerabilities

SecurityFocus Vulnerabilities - Sat, 11/11/2017 - 00:00
PostgreSQL Multiple Memory Corruption and Security Bypass Vulnerabilities

CVE-2017-16520

National Vulnerability Database - Fri, 11/10/2017 - 19:29
Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.

CVE-2017-16780

National Vulnerability Database - Fri, 11/10/2017 - 18:29
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.

CVE-2017-16781

National Vulnerability Database - Fri, 11/10/2017 - 18:29
The installer in MyBB before 1.8.13 has XSS.

CVE-2017-16782

National Vulnerability Database - Fri, 11/10/2017 - 18:29
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.
