Security News

Vuln: Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability

SecurityFocus Vulnerabilities - Tue, 01/22/2019 - 00:00
Categories: Security News

Vuln: Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Tue, 01/22/2019 - 00:00

CVE-2016-10739

National Vulnerability Database - Mon, 01/21/2019 - 14:29
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.

CVE-2019-6499

National Vulnerability Database - Mon, 01/21/2019 - 01:29
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system.

CVE-2019-6500

National Vulnerability Database - Mon, 01/21/2019 - 01:29
In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.

CVE-2019-6498

National Vulnerability Database - Mon, 01/21/2019 - 01:29
GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.

Vuln: Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Mon, 01/21/2019 - 00:00

CVE-2019-6497

National Vulnerability Database - Sun, 01/20/2019 - 15:29
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.

CVE-2018-18908

National Vulnerability Database - Sun, 01/20/2019 - 15:29
The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username.

CVE-2019-6496

National Vulnerability Database - Sun, 01/20/2019 - 15:29
The ThreadX-based firmware on Marvell Avastar Wi-Fi devices allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.

CVE-2019-3773

National Vulnerability Database - Fri, 01/18/2019 - 17:29
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

CVE-2019-3774

National Vulnerability Database - Fri, 01/18/2019 - 17:29
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

CVE-2017-18160

National Vulnerability Database - Fri, 01/18/2019 - 17:29
AGPS session failure in the GNSS module because cipher suites are hardcoded and need a manual update every time, in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850

CVE-2017-18331

National Vulnerability Database - Fri, 01/18/2019 - 17:29
Improper access control on secure display buffers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660

CVE-2017-18332

National Vulnerability Database - Fri, 01/18/2019 - 17:29
Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130

CVE-2017-8276

National Vulnerability Database - Fri, 01/18/2019 - 17:29
Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.

CVE-2018-11279

National Vulnerability Database - Fri, 01/18/2019 - 17:29
Lack of check of input size can make device memory get corrupted because of buffer overflow in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

CVE-2018-11284

National Vulnerability Database - Fri, 01/18/2019 - 17:29
Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20

CVE-2018-11288

National Vulnerability Database - Fri, 01/18/2019 - 17:29
Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended region in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130

CVE-2018-11993

National Vulnerability Database - Fri, 01/18/2019 - 17:29
Improper check while accessing the local memory stack on MQTT connection request can lead to buffer overflow in snapdragon wear in versions MDM9206, MDM9607