Security News

CVE-2018-12268

National Vulnerability Database - Wed, 06/13/2018 - 07:29
acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line.
Categories: Security News

Bugtraq: [SECURITY] [DSA 4227-1] plexus-archiver security update

SecurityFocus Vulnerabilities - Wed, 06/13/2018 - 04:20
[SECURITY] [DSA 4227-1] plexus-archiver security update
Categories: Security News

Bugtraq: DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities

SecurityFocus Vulnerabilities - Wed, 06/13/2018 - 04:20
DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities
Categories: Security News

Bugtraq: DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi)

SecurityFocus Vulnerabilities - Wed, 06/13/2018 - 04:20
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi)
Categories: Security News

Bugtraq: [SECURITY] [DSA 4226-1] perl security update

SecurityFocus Vulnerabilities - Wed, 06/13/2018 - 04:20
[SECURITY] [DSA 4226-1] perl security update
Categories: Security News

Vuln: SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability

SecurityFocus Vulnerabilities - Wed, 06/13/2018 - 00:00
SAP Business Objects CVE-2018-2408 Unspecified Session Fixation Vulnerability
Categories: Security News

Draft of Microsoft Security Servicing Commitments for Windows

Security Research & Defense - Tue, 06/12/2018 - 18:02

Microsoft’s commitment to protecting customers from vulnerabilities in our products, services, and devices includes providing security updates that address these vulnerabilities when they are discovered. We understand that researchers have wanted better clarity around the security features, boundaries and mitigations which exist in Windows and the servicing commitments which come with them. We have drafted a document which better describes the criteria Microsoft Security Response Center (MSRC) uses when determining whether a reported vulnerability will be addressed through servicing, or in the next version of a product. We are sharing the draft copy with the research community and would like feedback before we make the final copy available online. We are primarily interested in feedback around our servicing policies and whether our criteria makes sense to you, the researcher.

Microsoft Security Servicing Commitments.pdf

Please send feedback to switech@microsoft.com, thank you!

 

 

Categories: Security News

CVE-2018-5849

National Vulnerability Database - Tue, 06/12/2018 - 16:29
Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur.
Categories: Security News

CVE-2018-5851

National Vulnerability Database - Tue, 06/12/2018 - 16:29
Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2017-15842

National Vulnerability Database - Tue, 06/12/2018 - 16:29
Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2017-15843

National Vulnerability Database - Tue, 06/12/2018 - 16:29
Due to a race condition in a bus driver, a double free in msm_bus_floor_vote_context() can potentially occur in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2017-15854

National Vulnerability Database - Tue, 06/12/2018 - 16:29
The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_event_handler() for the derived length len leading to a subsequent buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2017-15857

National Vulnerability Database - Tue, 06/12/2018 - 16:29
In the camera driver, an out-of-bounds access can occur due to an error in copying region params from user space in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2017-18070

National Vulnerability Database - Tue, 06/12/2018 - 16:29
In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable "event->num_ndp_end_rsp_per_ndi_list" is very large which can then lead to a heap overwrite of the heap object end_rsp in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2018-0496

National Vulnerability Database - Tue, 06/12/2018 - 16:29
Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.
Categories: Security News

CVE-2018-3571

National Vulnerability Database - Tue, 06/12/2018 - 16:29
In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations
Categories: Security News

CVE-2018-3572

National Vulnerability Database - Tue, 06/12/2018 - 16:29
While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2018-3576

National Vulnerability Database - Tue, 06/12/2018 - 16:29
improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2018-3579

National Vulnerability Database - Tue, 06/12/2018 - 16:29
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_entries_in_page is a value received from firmware that is not properly validated which can lead to a buffer over-read
Categories: Security News

CVE-2018-3581

National Vulnerability Database - Tue, 06/12/2018 - 16:29
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is larger than max_bssid.
Categories: Security News

Pages