Security News

CVE-2018-11593

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c.
Categories: Security News

CVE-2018-11594

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.

CVE-2018-11595

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused.

CVE-2018-11596

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c.

CVE-2018-11597

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c.

CVE-2018-11598

National Vulnerability Database - Thu, 05/31/2018 - 12:29
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.

CVE-2018-11624

National Vulnerability Database - Thu, 05/31/2018 - 12:29
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.

CVE-2018-11625

National Vulnerability Database - Thu, 05/31/2018 - 12:29
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.

CVE-2018-11220

National Vulnerability Database - Thu, 05/31/2018 - 11:29
Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.

CVE-2018-5388

National Vulnerability Database - Thu, 05/31/2018 - 09:29
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.

CVE-2018-11036

National Vulnerability Database - Thu, 05/31/2018 - 08:29
Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data.

CVE-2018-9311

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.

CVE-2018-9312

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.

CVE-2018-9313

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot.

CVE-2018-9314

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access.

CVE-2018-9318

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.

CVE-2018-9320

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.

CVE-2018-9322

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.

CVE-2018-11583

National Vulnerability Database - Wed, 05/30/2018 - 23:29
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter.

CVE-2018-11579

National Vulnerability Database - Wed, 05/30/2018 - 21:29
class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action.
