Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

CVE-2018-4028: TALOS-2018-0700 || Cisco Talos Intelligence Group

An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POST request to trigger this vulnerability.

CVE
#vulnerability#web#ios#android#cisco#dos#intel#auth#sap#wifi
CVE-2018-16878: High: cumulative patchset to fix CVE-2019-3885, CVE-2018-16877, CVE-2018-16878 + additional unmasked null pointer deref by jnpkrn · Pull Request #1749 · ClusterLabs/pacemaker

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS

CVE-2019-10894: Wireshark • wnpa-sec-2019-14 GSS-API dissector crash

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.

CVE-2019-10692: WP Google Maps

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.

CVE-2019-0257: Community Wiki Sunset - Wiki Communication

Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVE-2019-6974: kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) · torvalds/linux@cfa3938

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

CVE-2018-3973: TALOS-2018-0638 || Cisco Talos Intelligence Group

An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.

CVE-2018-3976: TALOS-2018-0642 || Cisco Talos Intelligence Group

An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution.

CVE-2018-3980: TALOS-2018-0648 || Cisco Talos Intelligence Group

An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.

CVE-2018-3988: TALOS-2018-0656 || Cisco Talos Intelligence Group

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.