Security News

CVE-2018-9845

National Vulnerability Database - Sun, 04/29/2018 - 14:29
Etherpad Lite before 1.6.4 is exploitable for admin access.
Categories: Security News

CVE-2018-10534

National Vulnerability Database - Sun, 04/29/2018 - 11:29
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
Categories: Security News

CVE-2018-10535

National Vulnerability Database - Sun, 04/29/2018 - 11:29
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.
Categories: Security News

CVE-2018-10536

National Vulnerability Database - Sun, 04/29/2018 - 11:29
An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.
Categories: Security News

CVE-2018-10537

National Vulnerability Database - Sun, 04/29/2018 - 11:29
An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.
Categories: Security News

CVE-2018-10538

National Vulnerability Database - Sun, 04/29/2018 - 11:29
An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
Categories: Security News

CVE-2018-10539

National Vulnerability Database - Sun, 04/29/2018 - 11:29
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
Categories: Security News

CVE-2018-10540

National Vulnerability Database - Sun, 04/29/2018 - 11:29
An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.
Categories: Security News

CVE-2018-10528

National Vulnerability Database - Sat, 04/28/2018 - 23:29
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
Categories: Security News

CVE-2018-10529

National Vulnerability Database - Sat, 04/28/2018 - 23:29
An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.
Categories: Security News

CVE-2018-10527

National Vulnerability Database - Sat, 04/28/2018 - 12:29
EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI.
Categories: Security News

CVE-2018-10468

National Vulnerability Database - Sat, 04/28/2018 - 09:29
The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the "transferFlaw" issue.
Categories: Security News

CVE-2017-18263

National Vulnerability Database - Fri, 04/27/2018 - 21:29
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.
Categories: Security News

Bugtraq: [slackware-security] openvpn (SSA:2018-116-01)

SecurityFocus Vulnerabilities - Fri, 04/27/2018 - 19:20
[slackware-security] openvpn (SSA:2018-116-01)
Categories: Security News

Bugtraq: [HITB-Announce] HITBGSEC2018 CFP - Final Call

SecurityFocus Vulnerabilities - Fri, 04/27/2018 - 19:20
[HITB-Announce] HITBGSEC2018 CFP - Final Call
Categories: Security News

Bugtraq: [SECURITY] [DSA 4180-1] drupal7 security update

SecurityFocus Vulnerabilities - Fri, 04/27/2018 - 19:20
[SECURITY] [DSA 4180-1] drupal7 security update
Categories: Security News

Bugtraq: Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability

SecurityFocus Vulnerabilities - Fri, 04/27/2018 - 19:20
Secunia Research: Oracle Outside In Technology Use-After-Free Vulnerability
Categories: Security News

CVE-2018-10515

National Vulnerability Database - Fri, 04/27/2018 - 14:29
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.
Categories: Security News

CVE-2018-10516

National Vulnerability Database - Fri, 04/27/2018 - 14:29
In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by an admin user, that can cause DoS by moving config.php to the upload/ directory.
Categories: Security News

CVE-2018-10517

National Vulnerability Database - Fri, 04/27/2018 - 14:29
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
Categories: Security News

Pages