Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. Date published : 2018-08-29 http://www.securityfocus.com/bid/105065 https://helpx.adobe.com/security/products/creative-cloud/apsb18-20.html
A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. Date published : 2018-08-29 https://sourceforge.net/p/mcj/tickets/28/ https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. Date published : 2018-08-29 https://www.exploit-db.com/exploits/45309/ https://emreovunc.com/blog/en/CyBroHttpServer-v1.0.3-XSS.png
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI. Date published : 2018-08-29 https://www.exploit-db.com/exploits/45303/ https://emreovunc.com/blog/en/CyBroHttpServer-v.1.0.3-Directory-Traversal-3.png
The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to...
Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration...
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. Date published : 2018-08-29 http://www.securityfocus.com/bid/105174...
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. Date published : 2018-08-29 http://www.securityfocus.com/bid/105174 https://www.debian.org/security/2018/dsa-4315
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists....
An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be...
** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap...
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. Date published :...
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user....
CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php. Date published : 2018-08-29 http://packetstormsecurity.com/files/149109/CMS-ISWEB-3.5.3-Cross-Site-Scripting.html