3965 matches found
CVE-2018-15885
Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the...
CVE-2018-3907
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3909
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3867
An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera...
PT-2018-16260 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17. Description: A buffer overflow issue exists in the samsungWifiScan handler of video-core's HTTP server. The video-core process incorrectly extracts fields from a user-controlled JSON payload...
CVE-2017-7528
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that the X-Forwarded-For header allows internal servers to deploy other systems using callback...
CVE-2017-7528
CRLF Injection in Ansible Tower shipped with Red Hat CloudForms Management Engine 5 is triggered via the X-Forwarded-For header, allowing internal servers to deploy other systems through a callback mechanism. This mode is documented in CVE-2017-7528; the vulnerability affects the Ansible Tower co...
An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring: Kemon
If third-party vendors want to add new features to the macOS kernel, such as antivirus capabilities, ransomware blocking, data breach auditing, behavior monitoring and so on, they usually need the support of the system’s exported interfaces. At present, only two known official interfaces are...
Samsung SmartThings Hub video-core samsungWifiScan Callback Code Execution Vulnerability
Summary: An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stac...
Linux: Uninitialized state in x86 PV failsafe callback path
ISSUE DESCRIPTION: Linux has a failsafe callback, invoked by Xen under certain conditions. Normally in this failsafe callback, error_entry is paired with error_exit; and error_entry uses %ebx to communicate to error_exit whether to use the user or kernel return path. Unfortunately, on 64-bit PV Xen on...
PT-2018-2684 · Xen +4 · Xen +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.17.12; Xen versions prior to 4.11.x. Description: An issue in the Linux kernel and Xen hypervisor allows local users to cause a denial of service or possibly gain privileges. The xen failsafe callback entry poin...
UBUNTU-CVE-2018-14332
An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the...
Design/Logic Flaw
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism...
CVE-2018-13865
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism...
New evilReflex Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-12702, CVE-2018-12703)
Update: 2018-06-24. With swift, coordinated response from Huobi.pro, we appreciate the announcement [11] on suspending the deposits and withdrawals of affected tokens! Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities batchOverflow...
CVE-2018-11304
Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel...
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution. When the RegexHelper::StringReplace calls the callback function, it does not mark it with an ImplicitCallFlag, allowing a malicious user to pass a function to be executed in certain cases. This CVE ID is different from CVE-2017-11792,...
UBUNTU-CVE-2018-11040
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser...
Drupal RESTWS Module Page Callback RCE
The version of Drupal running on the remote web server is affected by a remote code execution vulnerability in the bundled RESTful Web services RESTWS module due to a flaw in how default page callbacks for Drupal entities are altered when handling specially crafted requests. An unauthenticated,...