1886 matches found
CVE-2018-16198
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device...
CVE-2018-1000856
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting XSS vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear t...
Cross site scripting
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting XSS vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear t...
CVE-2018-1000856
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting XSS vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear t...
The vulnerability of the libdwfl library in the ELF Elfutils utility for modifying and analyzing binary files allows a attacker to cause a service failure.
The vulnerability of the libdwfl library’s dwflsegmentreportmodule.c file, a tool for modifying and analyzing binary ELF files, is due to a buffer overflow segmentation fault. Exploiting this vulnerability could allow an attacker to cause a service failure by using a specially created ELF file...
CVE-2018-18358
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...
UPDATE: Infection Monkey 1.6.1
PenTestIT RSS Feed I'm sure you must have read my previous post title the List of Adversary Emulation Tools. In that post, I briefly mentioned about the Guardicore Infection Monkey. Good news now is that it has been updated! We now have Infection Monkey 1.6.1. An important change about this versi...
FreeRDP Buffer Overflow Vulnerability (CNVD-2019-00654)
FreeRDP is a free, open source implementation of the Remote Desktop Protocol RDP developed by the FreeRDP team. A heap buffer overflow vulnerability in the 'zgfxdecompresssegment' function in versions prior to FreeRDP 2.0.0-rc4 can be exploited by a remote attacker to cause a denial of service...
Memory Overwrite
github.com/google/gvisor is vulnerable to memory overwrite attacks. The vulnerability through repeated calls of shmctlIPCRMID which forces a segment to be destroyed prematurely. This could be reused and accessible by a different process...
Design/Logic Flaw
BlueStacks App Player BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later allows an attacker on the same network segment to bypass access restriction to gain unauthorized access...
kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)
A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcpcollapseofoqueue and tcppruneofoqueue functions by sending specially modified packets within ongoing T...
DEBIAN-CVE-2018-18310
An invalid memory address dereference was discovered in dwflsegmentreportmodule.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service application crash with a crafted ELF file, as demonstrated by considernotes...
CVE-2018-18310
An invalid memory address dereference was discovered in dwflsegmentreportmodule.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service application crash with a crafted ELF file, as demonstrated by considernotes...
UBUNTU-CVE-2018-18310
An invalid memory address dereference was discovered in dwflsegmentreportmodule.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service application crash with a crafted ELF file, as demonstrated by considernotes...
Google PDFium JBIG2 image ComposeToOpt2WithRect information disclosure vulnerability
Summary An exploitable out-of-bounds read on the heap vulnerability exists in the JBIG2 parsing code of Google Chrome version 67.0.3396.99. A specially crafted PDF document can trigger an out-of-bounds read, which can possibly lead to an information leak that could be used as part of an exploit. ...
CVE-2018-0662
Multiple I-O DATA network camera products TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code...
Artifex MuPDF Denial of Service Vulnerability (CNVD-2020-54496)
Artifex MuPDF is a free, lightweight PDF reader from Artifex Software. A security vulnerability exists in the 'fzappendbyte' function in the fitz/buffer.c file in Artifex MuPDF version 1.13.0. A remote attacker can exploit this vulnerability to cause a denial of service segmentation error with th...
Unspecified Vulnerability in Artifex MuPDF
Artifex MuPDF is a free, lightweight PDF reader from Artifex Software. A security vulnerability exists in the 'pdfgetxrefentry' function in the pdf/pdf-xref.c file in Artifex MuPDF version 1.13.0. A remote attacker can exploit this vulnerability with the help of a specially crafted pdf file to...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on the upstream 4.14.62 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled...
Updated kernel-tmb packages fix security vulnerabilities
This kernel-tmb update is based on the upstream 4.14.62 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled...