News aggregator

CVE-2018-3588

National Vulnerability Database - Fri, 10/26/2018 - 09:29
There is improper access control of the SSC and GPU mapped regions, which leads to code injection from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660.
Categories: Security News

CVE-2018-5866

National Vulnerability Database - Fri, 10/26/2018 - 09:29
While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660.
Categories: Security News

CVE-2017-18124

National Vulnerability Database - Fri, 10/26/2018 - 09:29
During secure boot, addition is performed on uint8 pointers, which leads to an overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20.
Categories: Security News

CVE-2017-18308

National Vulnerability Database - Fri, 10/26/2018 - 09:29
Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430.
Categories: Security News

CVE-2017-18309

National Vulnerability Database - Fri, 10/26/2018 - 09:29
A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850.
Categories: Security News

CVE-2017-18310

National Vulnerability Database - Fri, 10/26/2018 - 09:29
ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.
Categories: Security News

CVE-2017-18311

National Vulnerability Database - Fri, 10/26/2018 - 09:29
XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports, where unused configuration ports are open, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.
Categories: Security News

CVE-2018-11305

National Vulnerability Database - Fri, 10/26/2018 - 09:29
When a series of FDAL messages is sent to the modem, a use-after-free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.
Categories: Security News

CVE-2018-11821

National Vulnerability Database - Fri, 10/26/2018 - 09:29
A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.
Categories: Security News

CVE-2018-11822

National Vulnerability Database - Fri, 10/26/2018 - 09:29
A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660.
Categories: Security News

CVE-2018-18656

National Vulnerability Database - Fri, 10/26/2018 - 08:29
The PureVPN client before 6.1.0 for Windows stores login credentials (username and password) in cleartext. The file is located at %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file.
Categories: Security News

Vuln: systemd CVE-2018-15688 Heap Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities - Fri, 10/26/2018 - 00:00
Categories: Security News

Vuln: Veritas NetBackup Appliance CVE-2018-18652 Arbitrary Command Execution Vulnerability

SecurityFocus Vulnerabilities - Fri, 10/26/2018 - 00:00
Categories: Security News

CVE-2018-18653

National Vulnerability Database - Thu, 10/25/2018 - 20:29
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification.
Categories: Security News

CVE-2018-18654

National Vulnerability Database - Thu, 10/25/2018 - 20:29
Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to include a Trojan horse xr.
Categories: Security News

CVE-2018-18655

National Vulnerability Database - Thu, 10/25/2018 - 20:29
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.
Categories: Security News

CVE-2018-18652

National Vulnerability Database - Thu, 10/25/2018 - 19:29
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user-provided input.
Categories: Security News

CVE-2018-17904

National Vulnerability Database - Thu, 10/25/2018 - 18:29
Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code.
Categories: Security News

CVE-2018-14665

National Vulnerability Database - Thu, 10/25/2018 - 16:29
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
Categories: Security News

CVE-2018-3970

National Vulnerability Database - Thu, 10/25/2018 - 14:29
An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
Categories: Security News
