CVE-2017-8868

This is an entry in the Common Vulnerability Index under number CVE-2017-8868. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-8868

Description: acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.


CVE-2018-5980

This is an entry in the Common Vulnerability Index under number CVE-2018-5980. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2018-5980

Description: SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.

CVE-2017-13230

This is an entry in the Common Vulnerability Index under number CVE-2017-13230. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-13230

Description: In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed.


CVE-2017-12792

This is an entry in the Common Vulnerability Index under number CVE-2017-12792. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-12792

Description: Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname,


CVE-2017-1279

This is an entry in the Common Vulnerability Index under number CVE-2017-1279. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-1279

Description: IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot”


CVE-2017-13666

This is an entry in the Common Vulnerability Index under number CVE-2017-13666. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-13666

Description: An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products.


CVE-2017-12691

This is an entry in the Common Vulnerability Index under number CVE-2017-12691. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-12691

Description: The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.

CVE-2017-2916

This is an entry in the Common Vulnerability Index under number CVE-2017-2916. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-2916

Description: An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten.


CVE-2018-7472

This is an entry in the Common Vulnerability Index under number CVE-2018-7472. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2018-7472

Description: INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.

CVE-2017-2636

This is an entry in the Common Vulnerability Index under number CVE-2017-2636. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2017-2636

Description: Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
