
8322 matches found

OSV
added 2019/11/29 4:15 p.m. · 0 views

DEBIAN-CVE-2019-19391

In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled. NOTE: The LuaJIT project owner states that...

CVSS 9.1 · AI score 7 · EPSS 0.00209
Exploits 0 · References 1
OSV
added 2019/11/29 4:15 p.m. · 1 view

UBUNTU-CVE-2019-19391

DISPUTED In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled. NOTE: The LuaJIT project owner...

CVSS 9.1 · AI score 7 · EPSS 0.00209
Exploits 0 · References 3
CVE
added 2019/11/29 3:18 p.m. · 69 views

CVE-2019-19391

LuaJIT up to 2.0.5 (used in Moonjit prior to 2.1.2) contains a type-confusion in debug.getinfo that can cause arbitrary memory read/write. Debian LTS advisory DLA-4283-1 notes this CVE-2019-19391 alongside other CVEs and states fixes in luajit 2.1.0~beta3+dfsg-5.3+deb11u1 for Debian 11; the LuaJI...

CVSS 9.1 · AI score 9.2 · EPSS 0.00209
Exploits 0 · References 2 · Affected Software 2
Positive Technologies
added 2019/11/29 12:00 a.m. · 2 views

PT-2019-17571 · Huawei · Huawei Mate 20

Name of the Vulnerable Software and Affected Versions: Huawei Mate 20 RS versions prior to 9.1.0.135C786E133R3P1 Description: The issue is related to improper authorization in ADB mode, where the software does not properly restrict certain operations. A successful exploit could allow an attacker ...

CVSS 2.4 · AI score 3.6 · EPSS 0.00061
Exploits 0 · References 3
NVD
added 2019/11/26 4:15 p.m. · 11 views

CVE-2019-16241

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. Thi...

CVSS 6.8 · AI score 6.7 · EPSS 0.00059
Exploits 1 · References 2
Prion
added 2019/11/26 4:15 p.m. · 16 views

Authentication flaw

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. Thi...

CVSS 4.6 · AI score 6.7 · EPSS 0.00059
Exploits 1 · References 2 · Affected Software 1
CVE
added 2019/11/26 3:33 p.m. · 50 views

CVE-2019-16241

CVE-2019-16241 affects TCL Alcatel Cingular Flip 2 B9HUAH1: PIN authentication can be bypassed by placing a specially crafted file in /data/local/tmp/. The System lock-screen app checks for this file’s existence and disables PIN if found, typically via ADB over USB. This is the explicit, device-s...

CVSS 6.8 · AI score 6.6 · EPSS 0.00059
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2019/11/26 3:33 p.m. · 12 views

CVE-2019-16241

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. Thi...

AI score 6.7 · EPSS 0.00059
Exploits 1 · References 2
NVD
added 2019/11/26 3:15 a.m. · 8 views

CVE-2019-15967

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

CVSS 4.4 · AI score 4.5 · EPSS 0.00152
Exploits 0 · References 1
OSV
added 2019/11/26 3:15 a.m. · 1 view

CVE-2019-15967

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

CVSS 4.4 · AI score 5.8 · EPSS 0.00152
Exploits 0 · References 1
Prion
added 2019/11/26 3:15 a.m. · 8 views

Design/Logic Flaw

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

CVSS 2.1 · AI score 4.6 · EPSS 0.00152
Exploits 0 · References 1 · Affected Software 2
Cvelist
added 2019/11/26 3:11 a.m. · 19 views

CVE-2019-15967 Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

CVSS 4.4 · AI score 4.5 · EPSS 0.00152
Exploits 0 · References 1
Vulnrichment
added 2019/11/26 3:11 a.m. · 7 views

CVE-2019-15967 Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

CVSS 4.4 · AI score 6.5 · EPSS 0.00152
Exploits 0 · References 1
Tenable Nessus
added 2019/11/26 12:00 a.m. · 59 views

Security Update for Microsoft Visual Studio Code (CVE-2019-1414)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.39.1. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer. A...

CVSS 7.8 · AI score 7.8 · EPSS 0.00526
Exploits 1 · References 3
CNVD
added 2019/11/26 12:00 a.m. · 4 views

Nitro Software Nitro Pro Input Validation Error Vulnerability

Nitro Software Nitro Pro is a U.S. Nitro Software PDF document editor software. The software supports PDF document editing, PDF document formatting and encryption of PDF documents and other functions. An input validation error vulnerability exists in Nitro Software Nitro Pro versions prior to 13....

CVSS 7.8 · AI score 7.6 · EPSS 0.00005
Exploits 1 · References 1
NVD
added 2019/11/25 3:15 p.m. · 17 views

CVE-2019-10213

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator b...

CVSS 6.5 · AI score 5.3 · EPSS 0.00428
Exploits 0 · References 3
Positive Technologies
added 2019/11/25 12:00 a.m. · 3 views

PT-2019-11637 · Red Hat · Openshift Container Platform

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform versions 4.1 and 4.2 Description: The issue allows a low-privileged user to read pod logs and discover secret material if the log level in an operator has been set to Debug or higher by a privileged user. This...

CVSS 6.5 · AI score 5.2 · EPSS 0.00428
Exploits 0 · References 5
0day.today
added 2019/11/22 12:00 a.m. · 113 views

Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback Exploit

There is a use-after-free issue in JScript triggerable via Internet Explorer where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON' callback, it is possible to assign a variable to the 'arguments' object, have it...

CVSS 7.5 · AI score 7.7 · EPSS 0.83036
Exploits 3
OSV
added 2019/11/21 3:15 p.m. · 2 views

CVE-2019-18958

Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed...

CVSS 7.8 · AI score 5.8 · EPSS 0.00005
Exploits 1 · References 1
ATTACKERKB
added 2019/11/21 3:15 p.m. · 3 views

CVE-2019-18958

Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed...

CVSS 7.8 · AI score 7.5 · EPSS 0.00005
Exploits 1 · References 2