Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118. Date published : 2018-08-17 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-011-kraftway-24f2xg-router-outdated-certificate-usage/
A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118. Date published : 2018-08-17 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-010-kraftway-24f2xg-router-denial-of-service/
A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118. Date published : 2018-08-17 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-009-kraftway-24f2xg-router-possible-remote-code-execution/
An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. Date published : 2018-08-17 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-008-kraftway-24f2xg-router-denial-of-service/
Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118. Date published : 2018-08-17 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-007-kraftway-24f2xg-router-denial-of-service/
Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router. Date published : 2018-08-17 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-006-kraftway-24f2xg-router-default-credentials/
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. Date published : 2018-08-17 https://lgsecurity.lge.com/security_updates.html
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. Date published : 2018-08-17 https://lgsecurity.lge.com/security_updates.html
Pimcore before 5.3.0 allows SQL Injection via the REST web service API. Date published : 2018-08-17 https://www.exploit-db.com/exploits/45208/ http://seclists.org/fulldisclosure/2018/Aug/13
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function. Date published : 2018-08-17...
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to...
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of...
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists...
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...