News aggregator

CVE-2018-11625

National Vulnerability Database - Thu, 05/31/2018 - 12:29
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.
Categories: Security News

CVE-2018-11220

National Vulnerability Database - Thu, 05/31/2018 - 11:29
Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.
Categories: Security News

CVE-2018-5388

National Vulnerability Database - Thu, 05/31/2018 - 09:29
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
Categories: Security News

CVE-2018-11036

National Vulnerability Database - Thu, 05/31/2018 - 08:29
Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data.
Categories: Security News

CVE-2018-9311

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.
Categories: Security News

CVE-2018-9312

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.
Categories: Security News

CVE-2018-9313

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot.
Categories: Security News

CVE-2018-9314

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access.
Categories: Security News

CVE-2018-9318

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.
Categories: Security News

CVE-2018-9320

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.
Categories: Security News

CVE-2018-9322

National Vulnerability Database - Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.
Categories: Security News

CVE-2018-11583

National Vulnerability Database - Wed, 05/30/2018 - 23:29
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter.
Categories: Security News

CVE-2018-11579

National Vulnerability Database - Wed, 05/30/2018 - 21:29
class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action.
Categories: Security News

CVE-2018-11580

National Vulnerability Database - Wed, 05/30/2018 - 21:29
An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content.
Categories: Security News

CVE-2018-11571

National Vulnerability Database - Wed, 05/30/2018 - 20:29
ClipperCMS 1.3.3 allows Session Fixation.
Categories: Security News

CVE-2018-11572

National Vulnerability Database - Wed, 05/30/2018 - 20:29
ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.
Categories: Security News

CVE-2018-11575

National Vulnerability Database - Wed, 05/30/2018 - 20:29
ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.
Categories: Security News

CVE-2018-11576

National Vulnerability Database - Wed, 05/30/2018 - 20:29
ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor.
Categories: Security News

CVE-2018-11577

National Vulnerability Database - Wed, 05/30/2018 - 20:29
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
Categories: Security News

CVE-2018-11578

National Vulnerability Database - Wed, 05/30/2018 - 20:29
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.
Categories: Security News

Pages