News aggregator

CVE-2017-16071

National Vulnerability Database - Wed, 06/06/2018 - 22:29
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Categories: Security News

CVE-2017-16072

National Vulnerability Database - Wed, 06/06/2018 - 22:29
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Categories: Security News

CVE-2017-16073

National Vulnerability Database - Wed, 06/06/2018 - 22:29
noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Categories: Security News

CVE-2017-18154

National Vulnerability Database - Wed, 06/06/2018 - 17:29
A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2018-3562

National Vulnerability Database - Wed, 06/06/2018 - 17:29
Buffer over-read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2018-3565

National Vulnerability Database - Wed, 06/06/2018 - 17:29
While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow can occur.
Categories: Security News

CVE-2018-3578

National Vulnerability Database - Wed, 06/06/2018 - 17:29
Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2018-3580

National Vulnerability Database - Wed, 06/06/2018 - 17:29
Stack-based buffer overflow can occur in the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2018-3852

National Vulnerability Database - Wed, 06/06/2018 - 17:29
An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability.
Categories: Security News

CVE-2018-5840

National Vulnerability Database - Wed, 06/06/2018 - 17:29
Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2018-5841

National Vulnerability Database - Wed, 06/06/2018 - 17:29
dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2018-5845

National Vulnerability Database - Wed, 06/06/2018 - 17:29
A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2018-5846

National Vulnerability Database - Wed, 06/06/2018 - 17:29
A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2018-5850

National Vulnerability Database - Wed, 06/06/2018 - 17:29
In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Categories: Security News

CVE-2017-7906

National Vulnerability Database - Wed, 06/06/2018 - 16:29
In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.
Categories: Security News

CVE-2017-7931

National Vulnerability Database - Wed, 06/06/2018 - 16:29
In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication.
Categories: Security News

CVE-2017-7933

National Vulnerability Database - Wed, 06/06/2018 - 16:29
In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access.
Categories: Security News

CVE-2018-10198

National Vulnerability Database - Wed, 06/06/2018 - 16:29
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.
Categories: Security News

CVE-2018-1265

National Vulnerability Database - Wed, 06/06/2018 - 16:29
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip file headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.
Categories: Security News

CVE-2018-1268

National Vulnerability Database - Wed, 06/06/2018 - 16:29
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app.
Categories: Security News
