News aggregator

CVE-2018-8017

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.
Categories: Security News

CVE-2018-11893

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a vendor scan request, an input argument (the length of the request IEs) greater than the maximum can lead to a buffer overflow.
Categories: Security News

CVE-2018-11894

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from FW.
Categories: Security News

CVE-2018-11895

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check validation in a WLAN function can lead to the driver writing the default rsn capabilities to memory not allocated to the frame.
Categories: Security News

CVE-2018-11897

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network out of bounds read occurs if ssid of the network joined is greater than max limit.
Categories: Security News

CVE-2018-11898

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid length is greater than maximum.
Categories: Security News

CVE-2018-11902

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST.
Categories: Security News

CVE-2018-11903

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST.
Categories: Security News

CVE-2018-11904

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a caller's local variable. Should the caller return early (e.g., timeout), the callback will dereference an invalid pointer.
Categories: Security News

CVE-2018-11761

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
Categories: Security News

CVE-2018-11762

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.
Categories: Security News

CVE-2018-11878

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function.
Categories: Security News

CVE-2018-11883

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function is given an out of bound value it can cause an out of bound access while accessing the PCL table.
Categories: Security News

CVE-2018-11886

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of a check while calculating the MPDU data length will cause an integer overflow and then a buffer overflow in WLAN function.
Categories: Security News

CVE-2018-11889

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, invalid memory access may occur since the local variable 'context' stack data of the wlan function is freed.
Categories: Security News

CVE-2018-11891

National Vulnerability Database - Wed, 09/19/2018 - 10:29
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in WLAN HOST function.
Categories: Security News

CVE-2018-17182

National Vulnerability Database - Wed, 09/19/2018 - 05:29
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Categories: Security News

CVE-2018-17144

National Vulnerability Database - Wed, 09/19/2018 - 04:29
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
Categories: Security News

Vuln: Adobe Acrobat and Reader CVE-2018-12848 Arbitrary Code Execution Vulnerability

SecurityFocus Vulnerabilities - Wed, 09/19/2018 - 00:00
Adobe Acrobat and Reader CVE-2018-12848 Arbitrary Code Execution Vulnerability
Categories: Security News

Vuln: Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability

SecurityFocus Vulnerabilities - Wed, 09/19/2018 - 00:00
Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability
Categories: Security News
