Security News

CVE-2018-11701

National Vulnerability Database - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
Categories: Security News

CVE-2018-11702

National Vulnerability Database - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
Categories: Security News

CVE-2018-11703

National Vulnerability Database - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
Categories: Security News

CVE-2018-11704

National Vulnerability Database - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
Categories: Security News

CVE-2018-11705

National Vulnerability Database - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
Categories: Security News

CVE-2018-11706

National Vulnerability Database - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
Categories: Security News

CVE-2018-11707

National Vulnerability Database - Tue, 06/19/2018 - 21:29
FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
Categories: Security News

CVE-2018-12294

National Vulnerability Database - Tue, 06/19/2018 - 17:29
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.
Categories: Security News

CVE-2018-12519

National Vulnerability Database - Tue, 06/19/2018 - 17:29
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.
Categories: Security News

CVE-2018-12588

National Vulnerability Database - Tue, 06/19/2018 - 17:29
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-1 before 3.1.1-2 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field).
Categories: Security News

CVE-2018-10811

National Vulnerability Database - Tue, 06/19/2018 - 17:29
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
Categories: Security News

CVE-2018-10945

National Vulnerability Database - Tue, 06/19/2018 - 17:29
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.
Categories: Security News

CVE-2018-11116

National Vulnerability Database - Tue, 06/19/2018 - 17:29
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution.
Categories: Security News

CVE-2018-11723

National Vulnerability Database - Tue, 06/19/2018 - 17:29
The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file.
Categories: Security News

CVE-2018-11724

National Vulnerability Database - Tue, 06/19/2018 - 17:29
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
Categories: Security News

CVE-2018-11725

National Vulnerability Database - Tue, 06/19/2018 - 17:29
The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file.
Categories: Security News

CVE-2018-11726

National Vulnerability Database - Tue, 06/19/2018 - 17:29
The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
Categories: Security News

CVE-2018-11727

National Vulnerability Database - Tue, 06/19/2018 - 17:29
The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.
Categories: Security News

CVE-2018-11728

National Vulnerability Database - Tue, 06/19/2018 - 17:29
The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.
Categories: Security News

CVE-2018-11729

National Vulnerability Database - Tue, 06/19/2018 - 17:29
The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.
Categories: Security News

Pages