Security News

CVE-2018-1000036

National Vulnerability Database - Thu, 05/24/2018 - 09:29
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
Categories: Security News

CVE-2018-1000037

National Vulnerability Database - Thu, 05/24/2018 - 09:29
In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
Categories: Security News

CVE-2018-1000038

National Vulnerability Database - Thu, 05/24/2018 - 09:29
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
Categories: Security News

CVE-2018-1000039

National Vulnerability Database - Thu, 05/24/2018 - 09:29
In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
Categories: Security News

CVE-2018-11411

National Vulnerability Database - Thu, 05/24/2018 - 08:29
The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect.
Categories: Security News

CVE-2018-11403

National Vulnerability Database - Thu, 05/24/2018 - 03:29
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
Categories: Security News

CVE-2018-11404

National Vulnerability Database - Thu, 05/24/2018 - 03:29
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
Categories: Security News

CVE-2018-11405

National Vulnerability Database - Thu, 05/24/2018 - 03:29
Kliqqi 2.0.2 has CSRF in admin/admin_users.php.
Categories: Security News

CVE-2018-11410

National Vulnerability Database - Thu, 05/24/2018 - 03:29
An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-11399

National Vulnerability Database - Thu, 05/24/2018 - 01:29
SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur.
Categories: Security News

CVE-2018-11400

National Vulnerability Database - Thu, 05/24/2018 - 01:29
In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power.
Categories: Security News

CVE-2018-11401

National Vulnerability Database - Thu, 05/24/2018 - 01:29
In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification.
Categories: Security News

CVE-2018-11402

National Vulnerability Database - Thu, 05/24/2018 - 01:29
SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN.
Categories: Security News

Vuln: GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Thu, 05/24/2018 - 00:00
GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability
Categories: Security News

CVE-2018-10428

National Vulnerability Database - Wed, 05/23/2018 - 16:29
ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
Categories: Security News

CVE-2018-6495

National Vulnerability Database - Wed, 05/23/2018 - 14:29
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).
Categories: Security News

CVE-2018-10653

National Vulnerability Database - Wed, 05/23/2018 - 13:29
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Categories: Security News

CVE-2018-10654

National Vulnerability Database - Wed, 05/23/2018 - 13:29
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Categories: Security News

CVE-2018-10648

National Vulnerability Database - Wed, 05/23/2018 - 13:29
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Categories: Security News

CVE-2018-10649

National Vulnerability Database - Wed, 05/23/2018 - 13:29
There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.
Categories: Security News

Pages