7642 matches found
Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)
Exploit Title: Admidio 3.3.5 - Cross-Site Request Forgery Change Permissions Author: Nawaf Alkeraithe Date: 2018-09-01 Vendor Homepage: https://www.admidio.org/ Software Link: https://sourceforge.net/projects/admidio/files/Admidio/3.3.x/admidio-3.3.5.zip/download Version: 3.3.5 Tested on: PHP CVE...
Out-of-bounds
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges...
CVE-2018-16276
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges...
CVE-2018-16276
CVE-2018-16276 concerns the Linux kernel, specifically the yurex_read function in drivers/usb/misc/yurex.c. The issue is a bounds-check vulnerability that could allow a local attacker with access to the system to crash the kernel or potentially escalate privileges. Affected code path is in the US...
UBUNTU-CVE-2018-16276
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges...
bro -- array bounds and potential DOS issues
Corelight reports: Bro 2.5.5 primarily addresses security issues: Fix array bounds checking in BinPAC: for arrays that are fields within a record, the bounds check was based on a pointer to the start of the record rather than the start of the array field, potentially resulting in a buffer...
[SECURITY] Fedora 27 Update: vim-syntastic-3.9.0-1.fc27
Syntastic is a syntax checking plugin that runs files through external syntax checkers and displays any resulting errors to the user. This can be done on demand, or automatically as files are saved. If syntax errors are detected, the user is notified and is happy because they didn't have to...
CVE-2018-10921
CVE-2018-10921 affects the ttembed input file processing component. The connected documents describe an integer overflow triggered by processing crafted input files due to a lack of checking return codes from fgetc/fputc, potentially leading to input file corruption. Several sources (including Ne...
[SECURITY] Fedora 28 Update: pam_yubico-2.26-1.fc28
This is pam_yubico, a pluggable authentication module that can be used with Linux-PAM and yubikeys. This module supports yubikey OTP checking...
[SECURITY] Fedora 27 Update: pam_yubico-2.26-1.fc27
This is pam_yubico, a pluggable authentication module that can be used with Linux-PAM and yubikeys. This module supports yubikey OTP checking...
Oracle Re-Patches Decade-Old Solaris Bug
Oracle has issued three fixes for a critical Solaris vulnerability that could allow kernel-level privilege escalation. Impacted are the Solaris 10 and 11.3 operating environments. Sun Microsystems (now owned by Oracle) originally patched the vulnerability in 2009. But, a “re-fix” is now required,...
DEBIAN-CVE-2018-14370
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read...
CVE-2018-14370
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read...
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors getInternalFormat == FORMATNULL return; ifblitReactorsource, sourceRect, dest, destRect, options return; SliceRectF sRect = sourceRect; SliceRect dRect = destRect; bool flipX = destRect.x0 destRect.x1; bool flipY = destRect.y0...
ACD Systems Canvas Draw 4 IO Metadata Out-of-Bounds Write Code Execution Vulnerability
Summary An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
Out-of-bounds
Improper bounds checking of the obuf variable in the link_ntoa function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by...
CVE-2016-6559
Improper bounds checking of the obuf variable in the link_ntoa function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by...