News aggregator

CVE-2018-9541

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531
Categories: Security News

CVE-2018-9542

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111896861

CVE-2018-9543

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In f2fs_format_utils.c WITH_BLKDISCARD is not defined, which may cause the data partition to not be wiped at factory reset, leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112868088

CVE-2018-9544

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113037220

CVE-2018-9545

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113111784

CVE-2018-9580

National Vulnerability Database - Wed, 11/14/2018 - 13:29
An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002.

CVE-2018-15708

National Vulnerability Database - Wed, 11/14/2018 - 13:29
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

CVE-2018-15709

National Vulnerability Database - Wed, 11/14/2018 - 13:29
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.

CVE-2018-15710

National Vulnerability Database - Wed, 11/14/2018 - 13:29
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.

CVE-2018-15711

National Vulnerability Database - Wed, 11/14/2018 - 13:29
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.

CVE-2018-15712

National Vulnerability Database - Wed, 11/14/2018 - 13:29
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.

CVE-2018-15713

National Vulnerability Database - Wed, 11/14/2018 - 13:29
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.

CVE-2018-15714

National Vulnerability Database - Wed, 11/14/2018 - 13:29
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.

CVE-2018-9347

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-68664359

CVE-2018-9457

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-72872376

CVE-2018-9521

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331

CVE-2018-9522

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112550251

CVE-2018-9523

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112859604

CVE-2018-9524

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870

CVE-2018-9525

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111330641
