2017-08-16

 
CVE-2016-5347
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver.

 
CVE-2016-5853
 
In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value.

 
CVE-2016-5854
 
In a driver in all Qualcomm products with Android releases from CAF using the Linux kernel, kernel heap memory can be exposed to userspace.

 
CVE-2016-5855
 
In a driver in all Qualcomm products with Android releases from CAF using the Linux kernel, a user-supplied buffer is cast to a structure without checking whether the source buffer is large enough.

 
CVE-2016-5858
 
In an ioctl handler in all Qualcomm products with Android releases from CAF using the Linux kernel, if a user supplies a value that is too large, then an out-of-bounds read occurs.

 
CVE-2016-5859
 
In a sound driver in all Qualcomm products in all Android releases from CAF using the Linux kernel, if a function is called with a very large length, an integer overflow could occur followed by a buffer overflow.

 
CVE-2016-5860
 
In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow.

 
CVE-2016-5861
 
In a display driver in all Qualcomm products with Android releases from CAF using the Linux kernel, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow.

 
CVE-2016-5862
 
When a control related to the codec is issued from userspace in all Qualcomm products with Android releases from CAF using the Linux kernel, the type cast is made to the container structure instead of the codec's individual structure, resulting in a kernel crash followed by a device restart.

 
CVE-2016-5863
 
In an ioctl handler in all Qualcomm products with Android releases from CAF using the Linux kernel, several sanity checks are missing which can lead to out-of-bounds accesses.

 
CVE-2016-5864
 
In an audio driver function in all Qualcomm products with Android releases from CAF using the Linux kernel, some parameters come from userspace, and if they are set to a large value, an integer overflow is possible, followed by a buffer overflow. In another function, a missing check for a lower bound may result in an out-of-bounds memory access.

 
CVE-2016-5867
 
In a sound driver in all Qualcomm products with Android releases from CAF using the Linux kernel, some variables come from userspace, and values can be chosen that could result in a stack overflow.

 
CVE-2017-12880
 
In PyJWT 1.5.0 and below, the 'invalid_strings' check in 'HMACAlgorithm.prepare_key' does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string '-----BEGIN RSA PUBLIC KEY-----', which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.

 
CVE-2017-6421
 
In the touch controller function in all Qualcomm products in all Android releases from CAF using the Linux kernel, a variable may be controlled by the user and can lead to a buffer overflow.

 
CVE-2017-8243
 
A buffer overflow can occur when processing a firmware image file in all Qualcomm products with Android releases from CAF using the Linux kernel.

 
CVE-2017-8248
 
A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.

 
CVE-2017-12892
 
Foxit PDF Compressor installers from versions 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

 
CVE-2017-7546
 
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.

 
CVE-2017-7547
 
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.

 
CVE-2017-7548
 
PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.

 
CVE-2017-7551
 
389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.

2017-08-15

 
CVE-2017-12852
 
The numpy.pad function in NumPy 1.13.1 and older versions is missing input validation. An empty list or ndarray will get stuck in an infinite loop, which can allow attackers to cause a DoS attack.

 
CVE-2017-12855
 
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.

 
CVE-2017-12862
 
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of the AutoBuffer _src buffer is smaller than expected, which causes a buffer overflow in a later copy. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier.

 
CVE-2017-12863
 
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, the function PxMDecoder::readData has an integer overflow when calculating src_pitch. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier.

 


Copyright 2017, cxsecurity.com