Security News

CVE-2018-14434

National Vulnerability Database - Thu, 07/19/2018 - 20:29
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
Categories: Security News

CVE-2018-14435

National Vulnerability Database - Thu, 07/19/2018 - 20:29
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.

CVE-2018-14436

National Vulnerability Database - Thu, 07/19/2018 - 20:29
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.

CVE-2018-14437

National Vulnerability Database - Thu, 07/19/2018 - 20:29
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.

CVE-2018-14438

National Vulnerability Database - Thu, 07/19/2018 - 20:29
In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.

CVE-2018-14439

National Vulnerability Database - Thu, 07/19/2018 - 20:29
espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency transfers of unintended amounts.

CVE-2018-14440

National Vulnerability Database - Thu, 07/19/2018 - 20:29
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter.

CVE-2018-14441

National Vulnerability Database - Thu, 07/19/2018 - 20:29
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadAction_fileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type.

CVE-2018-10869

National Vulnerability Database - Thu, 07/19/2018 - 18:29
redhat-certification does not properly restrict files that can be downloaded through the /download page. A remote attacker may download any file accessible by the user running httpd.

CVE-2018-10870

National Vulnerability Database - Thu, 07/19/2018 - 18:29
redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.

CVE-2018-12959

National Vulnerability Database - Thu, 07/19/2018 - 16:29
The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).

CVE-2018-14336

National Vulnerability Database - Thu, 07/19/2018 - 16:29
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.

CVE-2018-10620

National Vulnerability Database - Thu, 07/19/2018 - 15:29
In AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1, a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.

CVE-2018-14423

National Vulnerability Database - Thu, 07/19/2018 - 15:29
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

CVE-2018-3857

National Vulnerability Database - Thu, 07/19/2018 - 15:29
An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3858.

CVE-2018-3858

National Vulnerability Database - Thu, 07/19/2018 - 15:29
An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3857.

CVE-2018-3859

National Vulnerability Database - Thu, 07/19/2018 - 15:29
An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3860.

CVE-2018-3860

National Vulnerability Database - Thu, 07/19/2018 - 15:29
An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3859.

CVE-2018-3870

National Vulnerability Database - Thu, 07/19/2018 - 15:29
An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3871.

CVE-2018-3871

National Vulnerability Database - Thu, 07/19/2018 - 15:29
An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3870.
