730 matches found
PT-2019-4775 · Python +8
Name of the Vulnerable Software and Affected Versions: Python versions 2.7.16 and earlier; Python versions 3.x through 3.5.7; Python versions 3.6.x through 3.6.9; Python versions 3.7.x through 3.7.4. Description: The issue is related to the email module in Python, which incorrectly parses email...
OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0237)
The remote OracleVM system is missing necessary patches to address critical security updates : - dm: fix race between dmgetfromkobject and dmdestroy Hou Tao CVE-2017-18203 - drm: udl: Properly check framebuffer mmap offsets Greg Kroah-Hartman Orabug: 27986407 CVE-2018-8781 - kernel/exit.c: avoid...
Unspecified Vulnerability in Rclone
Rclone is a command line program for synchronizing files and directories. A security vulnerability exists in Rclone version 1.42 that stems from the program failing to validate URL fields from the Google Cloud Storage API server. An attacker could exploit the vulnerability to pass arbitrary conte...
CVE-2017-16021
uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid. To do this, uri-js uses a regular expression. This regular expression is vulnerable to ReDoS. This causes the program to hang and the CPU to idle at 100%...
CVE-2017-0930
augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...
Null pointer dereference
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation in qsee_fuse_write could lead to untrusted pointer dereference...
Design/Logic Flaw
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation is performed on calls to the qseegetsecurestate syscall...
CVE-2015-9114
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation in qseequerycounter syscall could lead to untrusted pointer dereference...
CVE-2015-9109
The CVE-2015-9109 issue concerns Android devices using Qualcomm Snapdragon Automotive and Snapdragon Mobile MDM9625, SD 425/430/450/625/650/52/820/820A. The root cause is lack of address-argument validation in the qsee_fuse_write path, which could lead to an untrusted pointer dereference. Conne...
CVE-2015-9115
CVE-2015-9115 affects Android on Qualcomm Snapdragon platforms (Automotive and Mobile MDM9625 and several Snapdragon 410/12/425/430/450/615/16/415/617/625/650/52/820/820A). The root cause is missing validation of the address argument in the qsee_prng_getdata syscall, enabling potential misuse. Re...
CVE-2018-6879
The CVE-2018-6879 entry concerns PHP Scripts Mall Website Seller Script 2.0.3 where client-side validation is used to enforce email format. The vulnerability arises because the validation can be bypassed by removing the client-side validation code, enabling a remote attacker to modify a registere...
CVE-2017-14913
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated...
SUSE SLES11 Security Update : xen (SUSE-SU-2018:0638-1) (Meltdown) (Spectre)
This update for xen fixes several issues. This new feature was included : - add script and sysv service to watch for vcpu online/offline events in a HVM domU These security issues were fixed : - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative...
SUSE-SU-2018:0638-1 Security update for xen
This update for xen fixes several issues. This new feature was included: - add script and sysv service to watch for vcpu online/offline events in a HVM domU These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative...
SUSE-SU-2018:0609-1 Security update for xen
This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks bsc1074562, bsc1068032 - CVE-2018-5683: The vgadrawtext function...
Out-of-bounds
The vgadrawtext function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation...
CVE-2018-5683
The vgadrawtext function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation...
DEBIAN-CVE-2018-5683
The vgadrawtext function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation...