Security News

CVE-2018-14514

National Vulnerability Database - Mon, 07/23/2018 - 04:29
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.
Categories: Security News

CVE-2018-14515

National Vulnerability Database - Mon, 07/23/2018 - 04:29
A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter.

CVE-2018-14517

National Vulnerability Database - Mon, 07/23/2018 - 04:29
SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields.

CVE-2018-14521

National Vulnerability Database - Mon, 07/23/2018 - 04:29
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.

CVE-2018-14522

National Vulnerability Database - Mon, 07/23/2018 - 04:29
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.

CVE-2018-14523

National Vulnerability Database - Mon, 07/23/2018 - 04:29
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.

CVE-2018-14524

National Vulnerability Database - Mon, 07/23/2018 - 04:29
dwg_decode_eed in decode.c in GNU LibreDWG 0.5.1048 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.

CVE-2018-14527

National Vulnerability Database - Mon, 07/23/2018 - 04:29
Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).

CVE-2018-14531

National Vulnerability Database - Mon, 07/23/2018 - 04:29
An issue was discovered in Bento4 1.5.1-624. There is an unspecified "heap-buffer-overflow" crash in the AP4_HvccAtom class in Core/Ap4HvccAtom.cpp.

CVE-2018-14532

National Vulnerability Database - Mon, 07/23/2018 - 04:29
An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp.

CVE-2018-14543

National Vulnerability Database - Mon, 07/23/2018 - 04:29
There exists one NULL pointer dereference vulnerability in AP4_JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp4dump.

CVE-2018-14544

National Vulnerability Database - Mon, 07/23/2018 - 04:29
There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.

CVE-2018-14545

National Vulnerability Database - Mon, 07/23/2018 - 04:29
There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.

CVE-2018-14549

National Vulnerability Database - Mon, 07/23/2018 - 04:29
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_write in libwav.c.

CVE-2018-14551

National Vulnerability Database - Mon, 07/23/2018 - 04:29
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.

Vuln: Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability

SecurityFocus Vulnerabilities - Mon, 07/23/2018 - 00:00
Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability

CVE-2018-14505

National Vulnerability Database - Sun, 07/22/2018 - 14:29
mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.

CVE-2018-14500

National Vulnerability Database - Sun, 07/22/2018 - 13:29
joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.

CVE-2018-14501

National Vulnerability Database - Sun, 07/22/2018 - 13:29
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.

CVE-2018-14492

National Vulnerability Database - Sat, 07/21/2018 - 08:29
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.