Security News

CVE-2019-6533

National Vulnerability Database - Tue, 02/12/2019 - 12:29
Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166).
Categories: Security News

CVE-2019-7753 (verydows)

National Vulnerability Database - Tue, 02/12/2019 - 07:29
Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter.
Categories: Security News

CVE-2019-5595

National Vulnerability Database - Tue, 02/12/2019 - 00:29
In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.
Categories: Security News

CVE-2019-5596

National Vulnerability Database - Tue, 02/12/2019 - 00:29
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.
Categories: Security News

Vuln: Adobe Flash Player CVE-2018-15983 DLL Loading Local Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Tue, 02/12/2019 - 00:00
Adobe Flash Player CVE-2018-15983 DLL Loading Local Privilege Escalation Vulnerability
Categories: Security News

Vuln: Microsoft Office CVE-2018-0802 Memory Corruption Vulnerability

SecurityFocus Vulnerabilities - Tue, 02/12/2019 - 00:00
Microsoft Office CVE-2018-0802 Memory Corruption Vulnerability
Categories: Security News

CVE-2019-3923 (nessus)

National Vulnerability Database - Mon, 02/11/2019 - 23:29
Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address this issue.
Categories: Security News

CVE-2018-9582

National Vulnerability Database - Mon, 02/11/2019 - 18:29
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112031362.
Categories: Security News

CVE-2018-9583

National Vulnerability Database - Mon, 02/11/2019 - 18:29
In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112860487.
Categories: Security News

CVE-2018-9584

National Vulnerability Database - Mon, 02/11/2019 - 18:29
In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-114047681.
Categories: Security News

CVE-2018-9585

National Vulnerability Database - Mon, 02/11/2019 - 18:29
In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-117554809.
Categories: Security News

CVE-2018-9586

National Vulnerability Database - Mon, 02/11/2019 - 18:29
In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, it is possible that package verification is turned off and remains off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116754444.
Categories: Security News

CVE-2018-9587

National Vulnerability Database - Mon, 02/11/2019 - 18:29
In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Android ID: A-113597344.
Categories: Security News

CVE-2018-9588

National Vulnerability Database - Mon, 02/11/2019 - 18:29
In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111450156.
Categories: Security News

CVE-2018-9589

National Vulnerability Database - Mon, 02/11/2019 - 18:29
In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi driver with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111893132.
Categories: Security News

CVE-2018-9590

National Vulnerability Database - Mon, 02/11/2019 - 18:29
In add_attr of sdp_discovery.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-115900043.
Categories: Security News

CVE-2018-9591

National Vulnerability Database - Mon, 02/11/2019 - 18:29
In bta_hh_ctrl_dat_act of bta_hh_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116108738.
Categories: Security News

CVE-2018-9592

National Vulnerability Database - Mon, 02/11/2019 - 18:29
In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116319076.
Categories: Security News

CVE-2018-9593

National Vulnerability Database - Mon, 02/11/2019 - 18:29
In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116722267.
Categories: Security News

CVE-2018-9594

National Vulnerability Database - Mon, 02/11/2019 - 18:29
In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116791157.
Categories: Security News

Pages