News aggregator

CVE-2018-12201

National Vulnerability Database - Thu, 03/14/2019 - 16:29
Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow a privileged user to potentially execute arbitrary code via local access.
Categories: Security News

CVE-2018-12202

National Vulnerability Database - Thu, 03/14/2019 - 16:29
Privilege escalation vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow a privileged user to potentially leverage existing features via local access.

CVE-2018-12203

National Vulnerability Database - Thu, 03/14/2019 - 16:29
Denial of service vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel Core Processor, 7th Generation Intel Core Processor may allow a privileged user to potentially execute arbitrary code via local access.

CVE-2018-12204

National Vulnerability Database - Thu, 03/14/2019 - 16:29
Privilege escalation vulnerability in Platform Sample / Silicon Reference firmware for Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow a privileged user to potentially execute arbitrary code via local access.

CVE-2018-12205

National Vulnerability Database - Thu, 03/14/2019 - 16:29
Privilege escalation vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow an unauthenticated user to potentially execute arbitrary code via physical access.

CVE-2018-12208

National Vulnerability Database - Thu, 03/14/2019 - 16:29
Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

CVE-2018-12209

National Vulnerability Database - Thu, 03/14/2019 - 16:29
Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read device configuration information via local access.

CVE-2018-12210

National Vulnerability Database - Thu, 03/14/2019 - 16:29
Multiple pointer dereferences in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.

CVE-2018-12211

National Vulnerability Database - Thu, 03/14/2019 - 16:29
Insufficient input validation in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.

CVE-2018-20801 (highcharts)

National Vulnerability Database - Thu, 03/14/2019 - 12:29
In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.

CVE-2019-9787

National Vulnerability Database - Thu, 03/14/2019 - 12:29
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php.

CVE-2019-9785 (gitnote)

National Vulnerability Database - Thu, 03/14/2019 - 10:29
gitnote 3.1.0 allows remote attackers to execute arbitrary code via a crafted Markdown file, as demonstrated by a javascript:window.parent.top.require('child_process').execFile substring in the onerror attribute of an IMG element.

CVE-2019-9777 (libredwg)

National Vulnerability Database - Thu, 03/14/2019 - 05:29
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.

CVE-2019-9778 (libredwg)

National Vulnerability Database - Thu, 03/14/2019 - 05:29
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.

CVE-2019-9779 (libredwg)

National Vulnerability Database - Thu, 03/14/2019 - 05:29
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).

CVE-2019-9765 (blog_mini)

National Vulnerability Database - Thu, 03/14/2019 - 05:29
In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to app/templates/_article_comments.html.

CVE-2019-9766 (free_mp3_cd_ripper)

National Vulnerability Database - Thu, 03/14/2019 - 05:29
Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .mp3 file.

CVE-2019-9767 (free_mp3_cd_ripper)

National Vulnerability Database - Thu, 03/14/2019 - 05:29
Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wma file.

CVE-2019-9768 (canarytokens)

National Vulnerability Database - Thu, 03/14/2019 - 05:29
Thinkst Canarytokens through 2019-03-01 relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token.

CVE-2019-9769 (piluscart)

National Vulnerability Database - Thu, 03/14/2019 - 05:29
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.
