Security News

CVE-2017-13231

National Vulnerability Database - Mon, 02/12/2018 - 14:29
In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232.
Categories: Security News

CVE-2017-13232

National Vulnerability Database - Mon, 02/12/2018 - 14:29
In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950.
Categories: Security News

CVE-2017-13233

National Vulnerability Database - Mon, 02/12/2018 - 14:29
In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62851602.
Categories: Security News

CVE-2017-13234

National Vulnerability Database - Mon, 02/12/2018 - 14:29
In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68159767.
Categories: Security News

CVE-2017-13235

National Vulnerability Database - Mon, 02/12/2018 - 14:29
A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866.
Categories: Security News

CVE-2017-13236

National Vulnerability Database - Mon, 02/12/2018 - 14:29
In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699.
Categories: Security News

CVE-2017-13238

National Vulnerability Database - Mon, 02/12/2018 - 14:29
In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.
Categories: Security News

CVE-2017-13239

National Vulnerability Database - Mon, 02/12/2018 - 14:29
A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132.
Categories: Security News

CVE-2017-13240

National Vulnerability Database - Mon, 02/12/2018 - 14:29
A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819.
Categories: Security News

CVE-2017-13241

National Vulnerability Database - Mon, 02/12/2018 - 14:29
A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.
Categories: Security News

CVE-2017-13242

National Vulnerability Database - Mon, 02/12/2018 - 14:29
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248.
Categories: Security News

CVE-2017-13243

National Vulnerability Database - Mon, 02/12/2018 - 14:29
A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.
Categories: Security News

CVE-2017-13244

National Vulnerability Database - Mon, 02/12/2018 - 14:29
A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986.
Categories: Security News

CVE-2016-9569

National Vulnerability Database - Mon, 02/12/2018 - 13:29
The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial of service (out-of-bounds read and system crash) via a large counter value in an 0x62430028 IOCTL call.
Categories: Security News

CVE-2016-9570

National Vulnerability Database - Mon, 02/12/2018 - 13:29
cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.
Categories: Security News

Bugtraq: CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security)

SecurityFocus Vulnerabilities - Mon, 02/12/2018 - 13:20
CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security)
Categories: Security News

Bugtraq: [SECURITY] [DSA 4111-1] libreoffice security update

SecurityFocus Vulnerabilities - Mon, 02/12/2018 - 13:20
[SECURITY] [DSA 4111-1] libreoffice security update
Categories: Security News

Bugtraq: [SECURITY] [DSA 4110-1] exim4 security update

SecurityFocus Vulnerabilities - Mon, 02/12/2018 - 13:20
[SECURITY] [DSA 4110-1] exim4 security update
Categories: Security News

Bugtraq: [SECURITY] [DSA 4109-1] ruby-omniauth security update

SecurityFocus Vulnerabilities - Mon, 02/12/2018 - 13:20
[SECURITY] [DSA 4109-1] ruby-omniauth security update
Categories: Security News

CVE-2016-5397

National Vulnerability Database - Mon, 02/12/2018 - 12:29
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.
Categories: Security News

Pages