Security News

Vuln: Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability

SecurityFocus Vulnerabilities - Wed, 05/23/2018 - 00:00
Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
Categories: Security News

CVE-2018-11354

National Vulnerability Database - Tue, 05/22/2018 - 17:29
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.

CVE-2018-11355

National Vulnerability Database - Tue, 05/22/2018 - 17:29
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.

CVE-2018-11356

National Vulnerability Database - Tue, 05/22/2018 - 17:29
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.

CVE-2018-11357

National Vulnerability Database - Tue, 05/22/2018 - 17:29
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.

CVE-2018-11358

National Vulnerability Database - Tue, 05/22/2018 - 17:29
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.

CVE-2018-11359

National Vulnerability Database - Tue, 05/22/2018 - 17:29
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.

CVE-2018-11360

National Vulnerability Database - Tue, 05/22/2018 - 17:29
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.

CVE-2018-11361

National Vulnerability Database - Tue, 05/22/2018 - 17:29
In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.

CVE-2018-11362

National Vulnerability Database - Tue, 05/22/2018 - 17:29
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.

CVE-2018-10092

National Vulnerability Database - Tue, 05/22/2018 - 16:29
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.

CVE-2018-10094

National Vulnerability Database - Tue, 05/22/2018 - 16:29
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.

CVE-2018-10095

National Vulnerability Database - Tue, 05/22/2018 - 16:29
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.

CVE-2018-9019

National Vulnerability Database - Tue, 05/22/2018 - 16:29
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.

CVE-2018-11375

National Vulnerability Database - Tue, 05/22/2018 - 15:29
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

CVE-2018-11376

National Vulnerability Database - Tue, 05/22/2018 - 15:29
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.

CVE-2018-11377

National Vulnerability Database - Tue, 05/22/2018 - 15:29
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

CVE-2018-11378

National Vulnerability Database - Tue, 05/22/2018 - 15:29
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.

CVE-2018-11379

National Vulnerability Database - Tue, 05/22/2018 - 15:29
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.

CVE-2018-11380

National Vulnerability Database - Tue, 05/22/2018 - 15:29
The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.
