News aggregator

CVE-2018-16867

National Vulnerability Database - Wed, 12/12/2018 - 08:29
A flaw was found in QEMU Media Transfer Protocol (MTP) before version 3.1.0. A path traversal exists in the usb_mtp_write_data function in hw/usb/dev-mtp.c due to improper filename sanitization. When the guest device is mounted in read-write mode, this allows reading/writing arbitrary files, which may lead to a DoS scenario or possibly to code execution on the host.
Categories: Security News

CVE-2018-18397

National Vulnerability Database - Wed, 12/12/2018 - 05:29
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.

CVE-2018-20094

National Vulnerability Database - Wed, 12/12/2018 - 05:29
An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java.

CVE-2018-20095

National Vulnerability Database - Wed, 12/12/2018 - 05:29
An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls.

CVE-2018-20096

National Vulnerability Database - Wed, 12/12/2018 - 05:29
There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

CVE-2018-20097

National Vulnerability Database - Wed, 12/12/2018 - 05:29
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

CVE-2018-20098

National Vulnerability Database - Wed, 12/12/2018 - 05:29
There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

CVE-2018-20099

National Vulnerability Database - Wed, 12/12/2018 - 05:29
There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

Vuln: phpMyAdmin CVE-2018-19968 Local File Include Vulnerability

SecurityFocus Vulnerabilities - Wed, 12/12/2018 - 00:00
phpMyAdmin CVE-2018-19968 Local File Include Vulnerability

Vuln: Oracle Solaris CVE-2017-3623 Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities - Wed, 12/12/2018 - 00:00
Oracle Solaris CVE-2017-3623 Remote Code Execution Vulnerability

Vuln: X.Org X Server CVE-2018-14665 Multiple Local Privilege Escalation Vulnerability

SecurityFocus Vulnerabilities - Wed, 12/12/2018 - 00:00
X.Org X Server CVE-2018-14665 Multiple Local Privilege Escalation Vulnerability

CVE-2018-8651

National Vulnerability Database - Tue, 12/11/2018 - 19:29
A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV.

CVE-2018-8652

National Vulnerability Database - Tue, 12/11/2018 - 19:29
A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka "Windows Azure Pack Cross Site Scripting Vulnerability." This affects Windows Azure Pack Rollup 13.1.

CVE-2018-8617

National Vulnerability Database - Tue, 12/11/2018 - 19:29
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629.

CVE-2018-8618

National Vulnerability Database - Tue, 12/11/2018 - 19:29
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8624, CVE-2018-8629.

CVE-2018-8619

National Vulnerability Database - Tue, 12/11/2018 - 19:29
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.

CVE-2018-8621

National Vulnerability Database - Tue, 12/11/2018 - 19:29
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8622.

CVE-2018-8622

National Vulnerability Database - Tue, 12/11/2018 - 19:29
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8621.

CVE-2018-8624

National Vulnerability Database - Tue, 12/11/2018 - 19:29
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8629.

CVE-2018-8625

National Vulnerability Database - Tue, 12/11/2018 - 19:29
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
