NVD

CVE-2018-19935

NVD Vulnerabilities - Fri, 12/07/2018 - 04:29
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
Categories: NVD

CVE-2018-19939

NVD Vulnerabilities - Fri, 12/07/2018 - 04:29
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.
Categories: NVD

CVE-2018-19931

NVD Vulnerabilities - Fri, 12/07/2018 - 02:29
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.
Categories: NVD

CVE-2018-19932

NVD Vulnerabilities - Fri, 12/07/2018 - 02:29
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.
Categories: NVD

CVE-2018-16601

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution.
Categories: NVD

CVE-2018-16602

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.
Categories: NVD

CVE-2018-16603

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker.
Categories: NVD

CVE-2018-19659

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120.
Categories: NVD

CVE-2018-19660

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user.
Categories: NVD

CVE-2018-19665

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
Categories: NVD

CVE-2018-19923

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF.
Categories: NVD

CVE-2018-19924

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address.
Categories: NVD

CVE-2018-19925

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter.
Categories: NVD

CVE-2018-19926

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.
Categories: NVD

CVE-2018-19927

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases.
Categories: NVD

CVE-2018-6755

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
Categories: NVD

CVE-2018-6756

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
Categories: NVD

CVE-2018-6757

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
Categories: NVD

CVE-2018-16522

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.
Categories: NVD

CVE-2018-16523

NVD Vulnerabilities - Thu, 12/06/2018 - 18:29
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.
Categories: NVD