PT-2018-16226 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1013. Description: An exploitable firmware update issue exists in the Insteon Hub. The HTTP server allows uploading arbitrary MPFS binaries, which can be modified to access hidden resources for uploading unsigned firmware...
openSUSE Security Update : the Linux Kernel (openSUSE-2018-762) (Spectre)
The openSUSE Leap 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed:
- CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have resulted in local attackers being able to crash the kernel or potentially elevate privileges...
CVE-2017-2623
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certifica...
Default credentials
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certifica...
procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues
A flaw was found where procps-ng provides wrappers for standard C allocators that took unsigned int instead of size_t parameters. On platforms where these differ, such as x86_64, this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowe...
Authentication Bypass
SimpleSAMLphp is vulnerable to authentication bypasses. A malicious user can pass an unsigned SAML response with multiple assertions to the application. As long as one of the assertions is valid, the application will consider the SAML response valid and grant access to the malicious user...
CVE-2018-10988
An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or...
Insteon Hub MPFS Upload Firmware Update Vulnerability(CVE-2018-3832)
Summary: An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To...
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1761-1)
The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed:
- CVE-2018-3665: Prevent disclosure of FPU registers including XMM and AVX registers between processes. These registers might contain encryption keys when...
Unspecified Vulnerability in Multiple Objective-See KnockKnock Products
Objective-See KnockKnock is a tool for finding and analyzing malware. TaskExplorer is a tool for viewing processes on your system. A security vulnerability exists in several Objective-See KnockKnock products. The vulnerability can be exploited by an attacker with a maliciously crafted...
F-Secure XFENCE and Little Flocker Command Execution Vulnerabilities
F-Secure XFENCE (formerly Little Flocker) is a suite of file protection utilities from the Finnish company F-Secure. The program prevents unauthorized access to files and protects against computer security threats such as malware and Trojans. A security vulnerability exists in F-Secure XFENCE and...
Google Santa and molcodesignchecker Code Signing Vulnerabilities
Google Santa is a binary black/white listing system for macOS. molcodesignchecker is a program that performs code signature verification in Objective-C. A security vulnerability exists in Google Santa and molcodesignchecker. The vulnerability can be exploited by an attacker with a maliciously...
Yelp OSXCollector Code Execution Vulnerability
Yelp OSXCollector is a malware analysis toolkit for OSX. A security vulnerability exists in Yelp OSXCollector. The vulnerability can be exploited by maliciously crafted multi-architecture programs (Universal/fat binaries) to bypass third-party code signature detection and execute unsigned malicious...
Carbon Black Cb Response Code Execution Vulnerability
Carbon Black Cb Response is a scalable endpoint security solution from Carbon Black USA. The solution provides threat monitoring, threat alerts and malicious domain lists. A security vulnerability exists in Carbon Black Cb Response. The vulnerability can be exploited by an attacker to bypass...
VirusTotal Code Execution Vulnerability
VirusTotal is a suite of antivirus software. The software is able to detect types of malware by analyzing suspicious files and URLs. A security vulnerability exists in VirusTotal. The vulnerability can be exploited by maliciously crafted multi-architecture programs (Universal/fat binaries) to bypass...
CVE-2017-12070
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code...
Code injection
An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicio...
PYSEC-2018-95
An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious...
CVE-2018-10406
An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious...