CVE-2018-13858

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example...

CVE-2018-13861

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 FW 303 allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example...

CVE-2018-13862

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 FW 303 allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" a successful attack will allow attackers to...

CVE-2018-13859

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" a successful...

CVE-2018-13860

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=0" or "?oid=systemUsers&id=0" GET...

CVE-2018-13860

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=0" or "?oid=systemUsers&id=0" GET...

CVE-2018-13858

The CVE-2018-13858 vulnerability affects MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional. It allows unauthorized remote attackers to reboot or execute other functions via the /xml/system/control.xml URL, using a GET request like ?action=reboot. The NVD entry lists ...

CVE-2018-13862

The CVE-2018-13862 entry concerns Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 (FW 303). The vulnerability allows unauthorized remote attackers to reset authentication via the URL /xml/system/setAttribute.xml using a GET request with id=0&attr=protectAccess&newValue=0, which can let an a...

CVE-2018-13861

CVE-2018-13861 concerns Touchpad / Trivum WebTouch Setup V9 with version V2.53 build 13163 (FW 303). The root cause is an unauthenticated remote access path that enables an attacker to reboot or perform other functions by issuing a GET to /xml/system/control.xml?action=reboot. The NVD entry descr...

CVE-2018-13860

CVE-2018-13860 affects MusicCenter / Trivum Multiroom Setup Tool V8.76 – SNR 8604.26 and C4 Professional before V9.34 build 13381. The vulnerability allows unauthorized remote attackers to obtain sensitive information via the /xml/menu/getObjectEditor.xml endpoint using GET requests like ?oid=sys...

CVE-2018-13859

CVE-2018-13859 affects MusicCenter / Trivum Multiroom Setup Tool V8.76 (SNR 8604.26) and C4 Professional prior to V9.34 build 13381. The root cause is an unauthorized reset of authentication via the GET endpoint /xml/system/setAttribute.xml with id=0&attr=protectAccess&newValue=0, allowing attack...

XenDesktop Setup Wizard fails with error (UUID_INVALID)

When running the XenDesktop Setup Wizard XDSW you might receive the following error when selecting the PVS Accelerator Configuration. The error might also be shown when attempting to change the Accelerator Status of a Target Device or Enabling/Disabling the Accelerator setting on a Host Entry...

Null pointer dereference

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert...

CVE-2018-13440

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert...

CVE-2018-13440

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert...

AZL-66249 CVE-2018-13440 affecting package audiofile 0.3.6-27

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert...

AZL-44397 CVE-2018-13440 affecting package audiofile 0.3.6-27

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert...

DEBIAN-CVE-2018-13440

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert...

CVE-2018-13440

The vulnerability is in audiofile (Audio File Library) 0.3.6: a NULL pointer dereference in ModuleState::setup (modules/ModuleState.cpp) allows denial of service via a crafted caf file (CVE-2018-13440). Attacks require no authentication and can be network-agnostic; impact is denial of service. Pu...

CVE-2018-13440

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert...