News aggregator

CVE-2017-11018

National Vulnerability Database - Thu, 11/16/2017 - 17:29
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel
Categories: Security News

CVE-2017-11022

National Vulnerability Database - Thu, 11/16/2017 - 17:29
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of information elements using ini file.
Categories: Security News

CVE-2017-11023

National Vulnerability Database - Thu, 11/16/2017 - 17:29
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in accessing global variables by multiple threads.
Categories: Security News

CVE-2017-11024

National Vulnerability Database - Thu, 11/16/2017 - 17:29
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After Free condition.
Categories: Security News

CVE-2017-11025

National Vulnerability Database - Thu, 11/16/2017 - 17:29
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption can occur.
Categories: Security News

CVE-2017-11026

National Vulnerability Database - Thu, 11/16/2017 - 17:29
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys.
Categories: Security News

CVE-2017-11027

National Vulnerability Database - Thu, 11/16/2017 - 17:29
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header size causing unintialized data access vulnerability.
Categories: Security News

CVE-2017-11028

National Vulnerability Database - Thu, 11/16/2017 - 17:29
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to userspace by the function msm_isp_get_stream_common_data().
Categories: Security News

CVE-2017-11029

National Vulnerability Database - Thu, 11/16/2017 - 17:29
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow.
Categories: Security News

CVE-2017-11032

National Vulnerability Database - Thu, 11/16/2017 - 17:29
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur when kmalloc fails to allocate memory for pointers resp/req in the service-locator driver function service_locator_send_msg().
Categories: Security News

CVE-2017-11035

National Vulnerability Database - Thu, 11/16/2017 - 17:29
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies" and "csr_roam_issue_ft_preauth_req" due to incorrect initialization of WEXT callbacks and lack of the checks for buffer size.
Categories: Security News

CVE-2017-11038

National Vulnerability Database - Thu, 11/16/2017 - 17:29
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying different versions of the header at the time of check and use.
Categories: Security News

CVE-2017-11058

National Vulnerability Database - Thu, 11/16/2017 - 17:29
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.
Categories: Security News

CVE-2017-14028

National Vulnerability Database - Thu, 11/16/2017 - 16:29
A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets.
Categories: Security News

CVE-2017-16715

National Vulnerability Database - Thu, 11/16/2017 - 16:29
An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure.
Categories: Security News

CVE-2017-16719

National Vulnerability Database - Thu, 11/16/2017 - 16:29
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device.
Categories: Security News

CVE-2017-16843

National Vulnerability Database - Thu, 11/16/2017 - 16:29
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
Categories: Security News

CVE-2017-16866

National Vulnerability Database - Thu, 11/16/2017 - 16:29
dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field.
Categories: Security News

CVE-2017-16867

National Vulnerability Database - Thu, 11/16/2017 - 16:29
Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving.
Categories: Security News

CVE-2017-4930

National Vulnerability Database - Thu, 11/16/2017 - 16:29
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL.
Categories: Security News

Pages