Monthly Archive: March 2017

With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up,...

In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. Date published : 2017-03-26 http://www.securityfocus.com/bid/96982 https://moodle.org/mod/forum/discuss.php?d=349422

In Moodle 3.x, XSS can occur via evidence of prior learning. Date published : 2017-03-26 http://www.securityfocus.com/bid/96979 https://moodle.org/mod/forum/discuss.php?d=349421

In Moodle 3.2.x, global search displays user names for unauthenticated users. Date published : 2017-03-26 http://www.securityfocus.com/bid/96978 https://moodle.org/mod/forum/discuss.php?d=349420

In Moodle 2.x and 3.x, SQL injection can occur via user preferences. Date published : 2017-03-26 http://www.securityfocus.com/bid/96977 https://moodle.org/mod/forum/discuss.php?d=349419

The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01,...

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. Date published : 2017-03-24 https://www.exploit-db.com/exploits/39010/ https://security.gentoo.org/glsa/201602-01

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. Date published : 2017-03-24 http://www.securityfocus.com/bid/93261 http://bugs.clusterlabs.org/show_bug.cgi?id=5269

Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet. Date published : 2017-03-24 http://www.securityfocus.com/bid/91774 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160713-01-router-en

The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling. Date published : 2017-03-24 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816759 https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a

The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value. Date published : 2017-03-24...

The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet. Date published : 2017-03-24 http://www.securityfocus.com/bid/82903 http://repo.or.cz/uclibc-ng.git/commit/6932f2282ba0578d6ca2f21eead920d6b78bc93c

The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply. Date published : 2017-03-24 http://www.securityfocus.com/bid/82903...

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9. Date...