News aggregator

CVE-2017-13304

National Vulnerability Database - Wed, 04/04/2018 - 12:29
A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999.
Categories: Security News

CVE-2017-13305

National Vulnerability Database - Wed, 04/04/2018 - 12:29
A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.
Categories: Security News

CVE-2017-13267

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009.
Categories: Security News

CVE-2017-13274

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761.
Categories: Security News

CVE-2017-13275

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908.
Categories: Security News

CVE-2017-13276

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70637599.
Categories: Security News

CVE-2017-13277

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027.
Categories: Security News

CVE-2017-13278

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70546581.
Categories: Security News

CVE-2017-13279

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399439.
Categories: Security News

CVE-2017-13280

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71361451.
Categories: Security News

CVE-2017-13281

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262.
Categories: Security News

CVE-2017-13282

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603315.
Categories: Security News

CVE-2017-13283

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603410.
Categories: Security News

CVE-2017-13284

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70808273.
Categories: Security News

CVE-2017-13285

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126.
Categories: Security News

CVE-2017-13286

National Vulnerability Database - Wed, 04/04/2018 - 12:29
In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69683251.
Categories: Security News

CVE-2018-8813

National Vulnerability Database - Wed, 04/04/2018 - 11:29
Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.
Categories: Security News

CVE-2018-8814

National Vulnerability Database - Wed, 04/04/2018 - 11:29
Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request.
Categories: Security News

CVE-2018-9205

National Vulnerability Database - Wed, 04/04/2018 - 11:29
Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.
Categories: Security News

CVE-2018-9248

National Vulnerability Database - Wed, 04/04/2018 - 11:29
FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header.
Categories: Security News

Pages