5836 matches found
Google Chrome Security Updates (stable-channel-update-for-desktop-2018-07) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; if(description)...
EulerOS 2.0 SP2 : gnupg2 (EulerOS-SA-2018-1221)
According to the version of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject...
Cisco Webex Cross-Site Scripting Vulnerability (CNVD-2018-14204)
Cisco WebEx is a set of web conferencing tools from the US company Cisco that helps off-site office workers coordinate and collaborate. WebEx services include web conferencing, telepresence video conferencing and enterprise instant messaging (IM). A cross-site scripting...
ACD Systems Canvas Draw 4 IO Metadata Out-of-Bounds Write Code Execution Vulnerability
Summary: An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...
Adobe Acrobat Pro DC U3D RGB Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Pro DC U3D GIF Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Pro DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC and Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
In wma_nan_rsp_event_handler() in Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access...
CVE-2018-5836
In wma_nan_rsp_event_handler() in Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access...
Amazon Linux AMI : gnupg / gnupg2 (ALAS-2018-1045)
A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could ha...
Important: gnupg, gnupg2
Issue Overview: A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication...
Delta Industrial Automation COMMGR Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP packets sent to COMMGR. The issue results fro...
Denial of Service Vulnerability in Micropoint Active Defense Personal Edition
Micropoint Active Defense System Personal Edition is a new-generation anti-virus product with completely independent intellectual property rights, developed by Micropoint Baihui (Beijing) Information Security Technology Company Limited (hereinafter referred to as Micropoint). A denial-of-service...
Cisco NX-OS Software NX-API Arbitrary Command Execution Vulnerability
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied...
Denial of Service Vulnerability in Micropoint Active Defense Personal Edition
Micropoint Active Defense System Personal Edition is a new-generation anti-virus product with completely independent intellectual property rights, developed by Micropoint Baihui (Beijing) Information Security Technology Company Limited (hereinafter referred to as Micropoint). A denial-of-service...
KLA11732 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, perform cross-site scripting attacks, spoof the user interface, and execute arbitrary code. Below is a complete list of...
Liberapay: No Data Validation, No Captcha, No Filters...
POST /for/new HTTP/1.1 Host: liberapay.com User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer:...
Liberapay: Improper Data Validation / Unvalidated Input
Steps to reproduce: 1 - Be logged in to an account 2 - Go to: https://liberapay.com/user/edit/statement 3 - Click on Visualize 4 - Submit and edit POST parameters to fuzz infinitely 5 - Wait for the server to process the request. I send only 2.813.054 characters. Improper input size validation... I'm sorry...