CVE-2013-2016
CVE-2013-2016 affects QEMU v1.3.0 and later (virtio-rng). The issue arises from how addresses are validated when a guest accesses the config space of a virtio device; when the device has a very small or zero-sized config space, a privileged guest could access the host’s QEMU address space and pot...
VulnCheck KEV: CVE-2019-10149
Improper validation of recipient address in deliver_message function in /src/deliver.c may lead to remote command execution...
Design/Logic Flaw
Driver may access an invalid address while processing IO control due to lack of check of address validation in Snapdragon Connectivity in QCA6390...
CVE-2019-10618
CVE-2019-10618 affects Qualcomm Snapdragon Connectivity on the QCA6390, where the driver may access an invalid address while processing an IOCTL due to insufficient address validation. The issue is documented across multiple feeds (NVD, Red Hat, CVE lists) with a low to medium overall risk profil...
EulerOS 2.0 SP8 : wpa_supplicant (EulerOS-SA-2019-2306)
According to the version of the wpa_supplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address...
Open-Xchange: SSRF - Office Documents - Image URL
Through the /api/oxodocumentfilter?action=addfile endpoint it is possible to insert images into documents. Handling of this request in source code is implemented here: office/com.openexchange.office.rest/src/com/openexchange/office/rest/AddFileAction.java. One of the options is to insert an image by...
Debian DSA-4538-1 : wpa - security update
Two vulnerabilities were found in the WPA protocol implementation found in wpa_supplicant station and hostapd access point. - CVE-2019-13377 A timing-based side-channel attack against WPA3's Dragonfly handshake when using Brainpool curves could be used by an attacker to retrieve the password. -...
[SECURITY] [DSA 4538-1] wpa security update
Debian Security Advisory DSA-4538-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez September 29, 2019 https://www.debian.org/security/faq -...
The vulnerabilities of Internet Explorer and Microsoft Edge browsers stem from security flaws in their URL validation mechanisms. This allows attackers to circumvent existing security restrictions.
The vulnerability of Internet Explorer and Microsoft Edge is related to deficiencies in security mechanisms for checking URL addresses. Exploiting this vulnerability can allow a malicious actor to bypass existing security restrictions remotely...
UBUNTU-CVE-2019-16275
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF aka management frame protection. The attacker must send a...
CVE-2019-16275
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF aka management frame protection. The attacker must send a...
DEBIAN-CVE-2019-16275
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF aka management frame protection. The attacker must send a...
AZL-6972 CVE-2019-16275 affecting package wpa_supplicant for versions less than 2.9-4
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF aka management frame protection. The attacker must send a...
Design/Logic Flaw
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF aka management frame protection. The attacker must send a...
CVE-2019-16275
CVE-2019-16275 affects hostapd and wpa_supplicant prior to 2.10. The root cause is misvalidation of the source address on certain received 802.11 management frames when PMF (IEEE 802.11w) is enabled, enabling a denial-of-service by an attacker within radio range. Impact is Denial of Service (disc...
UBUNTU-CVE-2019-16220
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash...
DEBIAN-CVE-2019-9850
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary Python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on...