Security News

CVE-2019-12645

National Vulnerability Database - Wed, 09/04/2019 - 22:15
A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to improper file level permissions on an affected device when it is running Cisco JCF for Mac Software. An attacker could exploit this vulnerability by authenticating to the affected device and executing arbitrary code or potentially modifying certain configuration files. A successful exploit could allow the attacker to execute arbitrary code or modify certain configuration files on the device using the privileges of the installed Cisco JCF for Mac Software.
Categories: Security News

CVE-2019-15926

National Vulnerability Database - Wed, 09/04/2019 - 17:15
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.
Categories: Security News

CVE-2019-15927

National Vulnerability Database - Wed, 09/04/2019 - 17:15
An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.
Categories: Security News

CVE-2017-18595

National Vulnerability Database - Wed, 09/04/2019 - 17:15
An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.
Categories: Security News

CVE-2018-21008

National Vulnerability Database - Wed, 09/04/2019 - 17:15
An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c.
Categories: Security News

CVE-2019-15925

National Vulnerability Database - Wed, 09/04/2019 - 17:15
An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.
Categories: Security News

CVE-2019-12586

National Vulnerability Database - Wed, 09/04/2019 - 16:15
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.
Categories: Security News

CVE-2019-14319 (tiktok)

National Vulnerability Database - Wed, 09/04/2019 - 16:15
The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.
Categories: Security News

CVE-2019-14470 (instagram-php-api, user_pro)

National Vulnerability Database - Wed, 09/04/2019 - 16:15
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
Categories: Security News

CVE-2019-15918

National Vulnerability Database - Wed, 09/04/2019 - 15:15
An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.
Categories: Security News

CVE-2019-15919 (linux_kernel)

National Vulnerability Database - Wed, 09/04/2019 - 15:15
An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.
Categories: Security News

CVE-2019-15920

National Vulnerability Database - Wed, 09/04/2019 - 15:15
An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak.
Categories: Security News

CVE-2019-15921

National Vulnerability Database - Wed, 09/04/2019 - 15:15
An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.
Categories: Security News

CVE-2019-15922

National Vulnerability Database - Wed, 09/04/2019 - 15:15
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.
Categories: Security News

CVE-2019-15923

National Vulnerability Database - Wed, 09/04/2019 - 15:15
An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.
Categories: Security News

CVE-2019-15924

National Vulnerability Database - Wed, 09/04/2019 - 15:15
An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.
Categories: Security News

CVE-2019-15917

National Vulnerability Database - Wed, 09/04/2019 - 15:15
An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.
Categories: Security News

CVE-2019-6643

National Vulnerability Database - Wed, 09/04/2019 - 14:15
On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file.
Categories: Security News

CVE-2019-6646 (big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_edge_gateway, big-ip_fraud_protection...

National Vulnerability Database - Wed, 09/04/2019 - 14:15
On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.
Categories: Security News

CVE-2019-6644

National Vulnerability Database - Wed, 09/04/2019 - 13:15
Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.
Categories: Security News

Pages