Security News

CVE-2016-10731

National Vulnerability Database - Mon, 10/29/2018 - 08:29
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action.
Categories: Security News

Vuln: Apache 'mod_perl' CVE-2011-2767 Arbitrary Code Execution Vulnerability

SecurityFocus Vulnerabilities - Mon, 10/29/2018 - 00:00

Vuln: Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities - Mon, 10/29/2018 - 00:00

Vuln: Mozilla Firefox ESR CVE-2018-12389 Multiple Memory Corruption Vulnerabilities

SecurityFocus Vulnerabilities - Mon, 10/29/2018 - 00:00

Vuln: Linux Kernel 'mm/vmacache.c' Local Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Mon, 10/29/2018 - 00:00

CVE-2018-18690

National Vulnerability Database - Fri, 10/26/2018 - 14:29
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.

CVE-2018-4022

National Vulnerability Database - Fri, 10/26/2018 - 13:29
A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user.

CVE-2018-6559

National Vulnerability Database - Fri, 10/26/2018 - 13:29
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files that they would not normally be able to access via an overlayfs mount inside of a user namespace.

CVE-2018-18661

National Vulnerability Database - Fri, 10/26/2018 - 10:29
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.

CVE-2018-18662

National Vulnerability Database - Fri, 10/26/2018 - 10:29
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.

CVE-2018-18657

National Vulnerability Database - Fri, 10/26/2018 - 10:29
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.

CVE-2018-18658

National Vulnerability Database - Fri, 10/26/2018 - 10:29
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.

CVE-2018-18659

National Vulnerability Database - Fri, 10/26/2018 - 10:29
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.

CVE-2018-18660

National Vulnerability Database - Fri, 10/26/2018 - 10:29
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.

CVE-2018-15686

National Vulnerability Database - Fri, 10/26/2018 - 10:29
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

CVE-2018-15687

National Vulnerability Database - Fri, 10/26/2018 - 10:29
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

CVE-2018-15688

National Vulnerability Database - Fri, 10/26/2018 - 10:29
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd versions up to and including 239.

CVE-2018-5914

National Vulnerability Database - Fri, 10/26/2018 - 09:29
Improper input validation in TZ led to an array out-of-bounds access in a TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

CVE-2018-11824

National Vulnerability Database - Fri, 10/26/2018 - 09:29
A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660.

CVE-2018-11828

National Vulnerability Database - Fri, 10/26/2018 - 09:29
When the FW tries to get a random MAC address generated from the new SW RNG and the ADC values read are constant, the DUT gets stuck in a loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52.
