22 matches found
CVE-2019-13959
In Bento4 1.5.1-627, AP4DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186...
CVE-2024-13959
Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory...
CVE-2024-13959
Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory...
CVE-2024-13959
creationtimestamp | type | source
---|---|---
2025-05-09 16:05:02+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loqsk3uoz4c2
2025-05-09 16:12:29+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114478753232862764
2025-05-09...
CVE-2024-13959 Link Following Local Privilege Escalation Vulnerability in AVG TuneUp 24.2.16593.9844
Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory...
CVE-2024-13959 Link Following Local Privilege Escalation Vulnerability in AVG TuneUp 24.2.16593.9844
Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory...
CVE-2024-13959
CVE-2024-13959 affects AVG TuneUp for PC (Windows) due to a flaw in the TuneupSvc.exe service. An attacker with local, low-privilege code can exploit a symbolic-link mishandling in TuneupSvc.exe to cause deletion of a directory, enabling privilege escalation to SYSTEM and potential arbitrary code...
CVE-2018-13959
This CVE-2018-13959 entry is rejected/not used and does not represent an active vulnerability.
CVE-2018-13959
...
Security Bulletin: Vulnerabilities in Apache and Node.js affect IBM Spectrum Protect Plus
Summary: Vulnerabilities in Apache and Node.js such as execution of arbitrary code on the system, cross-site scripting, and bypassing security restrictions, may affect IBM Spectrum Protect Plus. Vulnerability Details: CVEID: CVE-2020-28458 DESCRIPTION: Node.js datatables.net module could allow a...
OESA-2021-1122 velocity-tools security update
The VelocityTools project is a collection of useful Java classes aka tools, as well as infrastructure to easily, automatically and transparently make these tools available to Velocity templates. The project includes easy integration of Velocity into the view-layer of web applications via the...
ai.databand.azkaban:azkaban-web-server (=3.18.0), at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.3.2) +1360 more potentially affected by CVE-2020-13959 via org.apache.velocity:velocity-tools (>=1.3 <=2.0)
org.apache.velocity:velocity-tools MAVEN version =1.3, =9.1.1, =1.0.0, =1.0.0, =0.1, =2.1, =1.2.1, =1.0.0, =0.0.1, =0.0.1, =1.2.28, =1.0.0, =1.1.0 and more Source cves: CVE-2020-13959 Source advisory: OSV:GHSA-FH63-4R66-JC7V...
DEBIAN-CVE-2020-13959
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...
CVE-2020-13959
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...
CVE-2020-13959
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...
CVE-2020-13959 Velocity Tools XSS Vulnerability
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...
CVE-2020-13959
CVE-2020-13959 affects Apache Velocity Tools before 3.1. The vulnerability lies in the default VelocityView error page which reflects back the vm file entered in the URL, enabling an attacker to supply an XSS payload via the vm parameter. When a user clicks a crafted URL, the payload can execute ...
CVE-2019-13959
In Bento4 1.5.1-627, AP4DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186...
CVE-2019-13959
In Bento4 1.5.1-627, AP4DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186...
UBUNTU-CVE-2019-13959
In Bento4 1.5.1-627, AP4DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186...