News aggregator

CVE-2018-7453

National Vulnerability Database - Sat, 02/24/2018 - 01:29
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.
Categories: Security News

CVE-2018-7454

National Vulnerability Database - Sat, 02/24/2018 - 01:29
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
Categories: Security News

CVE-2018-7455

National Vulnerability Database - Sat, 02/24/2018 - 01:29
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
Categories: Security News

CVE-2018-7456

National Vulnerability Database - Sat, 02/24/2018 - 01:29
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
Categories: Security News

Bugtraq: [SECURITY] [DSA 4122-1] squid3 security update

SecurityFocus Vulnerabilities - Fri, 02/23/2018 - 23:20
[SECURITY] [DSA 4122-1] squid3 security update
Categories: Security News

Bugtraq: [security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance

SecurityFocus Vulnerabilities - Fri, 02/23/2018 - 23:20
[security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance
Categories: Security News

Bugtraq: Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5

SecurityFocus Vulnerabilities - Fri, 02/23/2018 - 23:20
Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5
Categories: Security News

Bugtraq: [SECURITY] [DSA 4120-1] linux security update

SecurityFocus Vulnerabilities - Fri, 02/23/2018 - 23:20
[SECURITY] [DSA 4120-1] linux security update
Categories: Security News

CVE-2018-7434

National Vulnerability Database - Fri, 02/23/2018 - 22:29
zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.
Categories: Security News

CVE-2018-7447

National Vulnerability Database - Fri, 02/23/2018 - 21:29
mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable.
Categories: Security News

CVE-2017-18197

National Vulnerability Database - Fri, 02/23/2018 - 21:29
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.
Categories: Security News

CVE-2017-14884

National Vulnerability Database - Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.
Categories: Security News

CVE-2017-14910

National Vulnerability Database - Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overread is possible if there are no newlines in an input file.
Categories: Security News

CVE-2017-15518

National Vulnerability Database - Fri, 02/23/2018 - 18:29
All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required.
Categories: Security News

CVE-2017-15817

National Vulnerability Database - Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.
Categories: Security News

CVE-2017-15820

National Vulnerability Database - Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.
Categories: Security News

CVE-2017-15829

National Vulnerability Database - Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.
Categories: Security News

CVE-2017-15860

National Vulnerability Database - Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.
Categories: Security News

CVE-2017-15861

National Vulnerability Database - Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.
Categories: Security News

CVE-2017-15862

National Vulnerability Database - Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow.
Categories: Security News

Pages