CVSS: 4.6 | EPSS: 0% | CPEs: 4 | EXPL: 0

An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory (XOM) implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash memory. As a consequence, it is possible to execute single instructions with arbitrary system states (e.g., registers, status flags, and SRAM content) and observe the state changes produced by the unknown instruction. An attacker could exploit this vulnerability by executing protected and unknown instructions with specific system states and observing the state changes.

References:
• https://www.usenix.org/conference/woot19/presentation/schink
• https://www.usenix.org/system/files/woot19-paper_schink.pdf

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 | EPSS: 9% | CPEs: 7 | EXPL: 0

Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.

References:
• http://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/742827
• http://www.securityfocus.com/bid/105812
• http://www.securitytracker.com/id/1042018
• https://armis.com/bleedingbit
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap
• https://www.kb.cert.org/vuls/id/317277

CWE-787: Out-of-bounds Write

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

Cross-site scripting (XSS) vulnerability in the photo gallery model in Exis Contexis before 2.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter in a detail action. Contexis CMS version 1.0 suffers from a cross-site scripting vulnerability.

References:
• http://packetstormsecurity.com/files/123764
• http://seclists.org/fulldisclosure/2013/Oct/221
• https://exchange.xforce.ibmcloud.com/vulnerabilities/88276

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.9 | EPSS: 0% | CPEs: 1 | EXPL: 1

The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file.

References:
• http://bugs.debian.org/496416
• http://dev.gentoo.org/~rbu/security/debiantemp/xmcd
• http://www.openwall.com/lists/oss-security/2008/10/30/2
• http://www.securityfocus.com/bid/32288
• https://bugs.gentoo.org/show_bug.cgi?id=235770
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46550

CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 2.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption).

References:
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366816
• http://secunia.com/advisories/20078
• http://www.debian.org/security/2006/dsa-1086
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26452