Security News

CVE-2018-6246

National Vulnerability Database - Thu, 05/10/2018 - 10:29
In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246.
Categories: Security News

CVE-2018-6254

National Vulnerability Database - Thu, 05/10/2018 - 10:29
In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254.

CVE-2018-7933

National Vulnerability Database - Thu, 05/10/2018 - 10:29
Huawei home gateway products HiRouter-CD20 and WS5200 with versions before HiRouter-CD20-10 1.9.6 and versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation when these home gateway products install APK plugins, an attacker can trick a user into installing a malicious APK plugin, and the plugin can overwrite arbitrary files on the device. A successful exploit may result in arbitrary code execution or privilege escalation.

CVE-2018-7940

National Vulnerability Database - Thu, 05/10/2018 - 10:29
Huawei smart phones Mate 10 and Mate 10 Pro with versions earlier than 8.0.0.129(SP2C00) and versions earlier than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege who obtains the smart phone can bypass the activation function through some specific operations.

CVE-2018-7941

National Vulnerability Database - Thu, 05/10/2018 - 10:29
Huawei iBMC V200R002C60 has an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload an authentication certificate to the affected products. Due to improper validation of the upload authority, a successful exploit may cause privilege elevation.

CVE-2018-9849

National Vulnerability Database - Thu, 05/10/2018 - 10:29
Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.

CVE-2017-2601

National Vulnerability Database - Thu, 05/10/2018 - 09:29
Jenkins before versions 2.44 and 2.32.2 is vulnerable to persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.

CVE-2018-1130

National Vulnerability Database - Thu, 05/10/2018 - 09:29
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in the dccp_write_xmit() function in net/dccp/output.c that allows a local user to cause a denial of service via a number of certain crafted system calls.

CVE-2018-8910

National Vulnerability Database - Thu, 05/10/2018 - 09:29
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.

CVE-2018-8914

National Vulnerability Database - Thu, 05/10/2018 - 09:29
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.

CVE-2018-8915

National Vulnerability Database - Thu, 05/10/2018 - 09:29
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter.

Bugtraq: [security bulletin] MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information

SecurityFocus Vulnerabilities - Thu, 05/10/2018 - 05:20

Bugtraq: [SECURITY] [DSA 4198-1] prosody security update

SecurityFocus Vulnerabilities - Thu, 05/10/2018 - 05:20

Bugtraq: [SECURITY] [DSA 4197-1] wavpack security update

SecurityFocus Vulnerabilities - Thu, 05/10/2018 - 05:20

Bugtraq: [security bulletin] MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 05/10/2018 - 05:20

Vuln: Google Chrome Prior to 66.0.3359.170 Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 05/10/2018 - 00:00

CVE-2018-10314

National Vulnerability Database - Wed, 05/09/2018 - 23:29
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section.

CVE-2018-10942

National Vulnerability Database - Wed, 05/09/2018 - 23:29
modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file.

CVE-2018-8060

National Vulnerability Database - Wed, 05/09/2018 - 23:29
HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send an IOCTL to the device driver. If input and/or output buffer pointers are NULL or if these buffers' data are invalid, a NULL/invalid pointer access occurs, resulting in a Windows kernel panic aka Blue Screen. This affects IOCTLs higher than 0x85FE2600 with the HWiNFO32 symbolic device name.

CVE-2018-8061

National Vulnerability Database - Wed, 05/09/2018 - 23:29
HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileged user to send IOCTL 0x85FE2608 to the device driver with the HWiNFO32 symbolic device name, resulting in direct physical memory read or write.
