News aggregator

CVE-2017-16643

National Vulnerability Database - Tue, 11/07/2017 - 18:29
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
Categories: Security News

CVE-2017-16644

National Vulnerability Database - Tue, 11/07/2017 - 18:29
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.
Categories: Security News

CVE-2017-16645

National Vulnerability Database - Tue, 11/07/2017 - 18:29
The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
Categories: Security News

CVE-2017-16646

National Vulnerability Database - Tue, 11/07/2017 - 18:29
drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.
Categories: Security News

CVE-2017-16647

National Vulnerability Database - Tue, 11/07/2017 - 18:29
drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
Categories: Security News

CVE-2017-16648

National Vulnerability Database - Tue, 11/07/2017 - 18:29
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.
Categories: Security News

CVE-2017-16649

National Vulnerability Database - Tue, 11/07/2017 - 18:29
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
Categories: Security News

CVE-2017-16650

National Vulnerability Database - Tue, 11/07/2017 - 18:29
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
Categories: Security News

CVE-2017-16561

National Vulnerability Database - Tue, 11/07/2017 - 17:29
/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.
Categories: Security News

CVE-2008-7319

National Vulnerability Database - Tue, 11/07/2017 - 16:29
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.
Categories: Security News

CVE-2016-0872

National Vulnerability Database - Tue, 11/07/2017 - 16:29
A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext.
Categories: Security News

CVE-2017-16642

National Vulnerability Database - Tue, 11/07/2017 - 16:29
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
Categories: Security News

CVE-2017-16641

National Vulnerability Database - Tue, 11/07/2017 - 15:29
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
Categories: Security News

Bugtraq: [SECURITY] [DSA 4020-1] chromium-browser security update

SecurityFocus Vulnerabilities - Tue, 11/07/2017 - 13:20
[SECURITY] [DSA 4020-1] chromium-browser security update
Categories: Security News

CVE-2017-2913

National Vulnerability Database - Tue, 11/07/2017 - 11:29
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.
Categories: Security News

CVE-2017-2914

National Vulnerability Database - Tue, 11/07/2017 - 11:29
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability.
Categories: Security News

CVE-2017-2915

National Vulnerability Database - Tue, 11/07/2017 - 11:29
An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability.
Categories: Security News

CVE-2017-2916

National Vulnerability Database - Tue, 11/07/2017 - 11:29
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.
Categories: Security News

CVE-2017-2917

National Vulnerability Database - Tue, 11/07/2017 - 11:29
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
Categories: Security News

CVE-2017-2921

National Vulnerability Database - Tue, 11/07/2017 - 11:29
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability.
Categories: Security News

Pages