CVE-2019-13614

CMDSETCONFIGCOUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server...

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

DEBIAN-CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

Design/Logic Flaw

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

GHSA-X64G-WJMW-W328 Injection vulnerability that affects ironic-discoverd

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

Injection vulnerability that affects ironic-discoverd

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

shopify-scripts: Invalid read in `str_replace_partial`

PoC === The attached POC shows an invalid read. Debug info ========== The issue happens when memmove is called inside strreplacepartial. valgrind report: 0==27051== Invalid read of size 1 ==27051== at 0x483FA10: memmove vgreplacestrmem.c:1270 ==27051== by 0x135D60: strreplacepartial string.c:1193...

IBM Robotic Process Automation with Automation Anywhere Information Disclosure Vulnerability (CNVD-2019-20993)

IBM Robotic Process Automation with Automation Anywhere is a suite of process automation solutions from IBM USA. An information disclosure vulnerability exists in IBM Robotic Process Automation with Automation Anywhere version 11.0. An attacker could exploit this vulnerability to obtain email...

CVE-2019-4296

IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759...

CVE-2019-4296

IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759...

Information disclosure

IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759...

CVE-2019-4296

IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759...

PT-2019-17020 · Automation Anywhere +1 · Automation Anywhere +1

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation with Automation Anywhere version 11 Description: The issue allows a local user to obtain e-mail contents from the client debug log file, potentially leading to information disclosure. Recommendations: For IBM...

Ubuntu 16.04 LTS : Ceph vulnerabilities (USN-4035-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4035-1 advisory. It was discovered that Ceph incorrectly handled read only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys...

New cryptomining botnet malware hits Android devices

By Uzair Amir The new malware exploits Android Debug Bridge ADB ports. In a research conducted by the Tokyo-based cybersecurity and threat defense firm Trend Micro, it was revealed that there is a new cryptomining malware bot that’s particularly targeting Android devices. The miner exploits the...

shopify-scripts: NULL pointer dereference in `mrb_check_frozen`

PoC === The following demonstrates a crash: 3735928559.removeinstancevariable '@a' Debug info ========== Valgrind suggests the crash happens due to an invalid read in mrbcheckfrozen: ==4882== Memcheck, a memory error detector ==4882== Copyright C 2002-2017, and GNU GPL'd, by Julian Seward et al...