1680 matches found

CNVD
added 2019/06/28 12:0 a.m. · 1 view

Shanghai New Win-Win Information Technology Co., Ltd Au Bump Rental Car APP has Denial of Service Vulnerability

Au Rent a Car AP is a taxi and car rental software for life travel. Shanghai New Win-Win Information Technology Company Limited Au Bump Rent A Car AP suffers from a denial-of-service vulnerability, which can be exploited by an attacker to cause the application to crash by sending null, anomalous,...

6.8 AI score
Exploits 0
Cvelist
added 2019/06/27 4:13 p.m. · 26 views

CVE-2018-6156

Incorrect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

8.5 AI score · 0.00861 EPSS
Exploits 0 · References 3
Cvelist
added 2019/06/04 6:25 p.m. · 10 views

CVE-2019-5298

There is an improper authentication vulnerability in some Huawei AP products before version V200R009C00SPC800. Due to the improper implementation of authentication for the serial port, an attacker could exploit this vulnerability by connecting to the affected products and running a series of...

6.7 AI score · 0.00274 EPSS
Exploits 0 · References 1
CVE
added 2019/05/16 4:12 p.m. · 49 views

CVE-2018-12556

CVE-2018-12556 affects the yarnpkg/website install.sh signature verification: it only checks that the release is signed by any key in the user’s local keyring, not pinned to the yarn release key, enabling remote attackers to sign tampered yarn packages with their own key. Public documents note un...

5.9 CVSS · 6.6 AI score · 0.01775 EPSS
Exploits 0 · References 6 · Affected Software 1
Cvelist
added 2019/05/15 6:45 p.m. · 20 views

CVE-2019-1735 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI...

4.4 CVSS · 7.9 AI score · 0.00543 EPSS
Exploits 0 · References 2
OSV
added 2019/04/08 7:29 p.m. · 3 views

CVE-2019-11005

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a quoted font family value...

9.8 CVSS · 9.9 AI score
Exploits 0 · References 6
Positive Technologies
added 2019/03/13 12:0 a.m. · 4 views

PT-2019-1854 · Ruby On Rails +3 · Action View +3

Name of the Vulnerable Software and Affected Versions: Action View versions prior to 5.2.2.1 Action View versions prior to 5.1.6.2 Action View versions prior to 5.0.7.2 Action View versions prior to 4.2.11.1 Action View version 3 Description: There is a File Content Disclosure issue in Action Vie...

9.8 CVSS · 7.2 AI score · 0.98507 EPSS
Exploits 47 · References 164
CNVD
added 2019/02/28 12:0 a.m. · 31 views

LIVE555 Invalid Memory Access Vulnerability

LIVE555 is a set of open source C++ libraries for multimedia streaming. An invalid memory access vulnerability exists in the parseAuthorizationHeader function in versions prior to LIVE555 2019.02.27. An attacker can exploit this vulnerability via a malformed header to cause a memory access error...

9.8 CVSS · 9.1 AI score · 0.02173 EPSS
Exploits 0 · References 1
CNVD
added 2019/02/28 12:0 a.m. · 1 view

DouPHP suffers from an application reinstallation vulnerability

DouPHP is a lightweight enterprise website management system based on PHP+Mysql architecture, running on various platforms such as Linux, Windows, MacOSX, Solaris and so on. DouPHP suffers from an application reinstallation vulnerability. An attacker can exploit the vulnerability to reinstall the...

6.9 AI score
Exploits 0
EUVD
added 2019/02/21 8:0 p.m. · 3 views

EUVD-2019-10238

A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of...

7.5 CVSS · 7.5 AI score · 0.06282 EPSS
Exploits 0 · References 2
OSV
added 2019/02/19 5:29 p.m. · 6 views

CVE-2019-5770

Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

8.8 CVSS · 8.7 AI score
Exploits 0 · References 7
CNVD
added 2019/02/15 12:0 a.m. · 2 views

Apache Spark Local Mobilization Vulnerability

Apache Spark is a data processing engine that supports acyclic data streaming and in-memory computation. A local elevated privilege vulnerability exists in Apache Spark. An attacker can exploit this vulnerability to gain elevated privileges...

5.5 CVSS · 7 AI score · 0.00605 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2019/02/15 12:0 a.m. · 1 view

Vulnerability of the Server component: The MySQL database management system’s options, which allow a hacker to cause a service failure.

The vulnerability of the Server component: The options of the Oracle MySQL database management system are related to insufficient access control. Exploiting this vulnerability can allow an attacker to cause a service failure...

4.1 CVSS · 6.3 AI score · 0.00407 EPSS
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2019/01/28 12:0 a.m. · 1 view

QEMU Corrupted Memory Vulnerability (CNVD-2019-05083)

QEMU aka Quick Emulator is a suite of simulation processor software. The software is fast and cross-platform. A security vulnerability exists in the way requests are handled in QEMU. An attacker can exploit this vulnerability to corrupt memory...

5.5 CVSS · 7.5 AI score · 0.00556 EPSS
Exploits 1 · References 1
Vulnrichment
added 2019/01/09 4:0 p.m. · 21 views

CVE-2019-5747

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components consumed by the DHCP client, server, and/or relay might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte...

7.1 AI score · 0.04651 EPSS
Exploits 2 · References 6
CNVD
added 2018/12/10 12:0 a.m. · 1 view

Code Execution Vulnerability in Encrypted Video by Screen Recording Expert

Screen Recording Expert is a professional tool for making screen recordings. A code execution vulnerability exists when Screen Recording Expert encrypts videos. An attacker can exploit the vulnerability to execute code...

7.8 AI score
Exploits 0
BDU FSTEC
added 2018/10/19 12:0 a.m. · 4 views

The vulnerability of the Windows operating system’s kernel, which allows a hacker to disclose protected information

The vulnerability of the Windows operating system’s kernel arises from errors in the processing of objects in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information through a specially created application...

4.7 CVSS · 7.7 AI score · 0.02782 EPSS
Exploits 0 · References 3
CNVD
added 2018/09/27 12:0 a.m. · 1 view

e107 Cross-Site Request Forgery Vulnerability (CNVD-2018-20077)

e107 is an open source, free, PHP and MySQL based Content Management System (CMS) developed by the e107 team. The system supports a variety of plug-ins and theme appearances, and can be used as a personal blog, discussion community, archive repository and so on. A cross-site request forgery...

4.3 CVSS · 5 AI score · 0.00585 EPSS
Exploits 1 · References 1
CNVD
added 2018/09/05 12:0 a.m. · 3 views

Google Android System elevation of privilege vulnerability (CNVD-2018-26254)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which System is a component. An elevation of privilege vulnerability exists in System in Android. An attacker can exploit this vulnerability to elevate privileges...

9.8 CVSS · 9.1 AI score · 0.00368 EPSS
Exploits 0 · References 1
CNVD
added 2018/08/13 12:0 a.m. · 1 view

Arbitrary File Upload Vulnerability in the Frontend of Bizlaw eCom Information Management Software

Bizlawyer eTongue information management software is based on standardized management, the use of larger law firms needs to develop a comprehensive set of management software. There is an arbitrary file upload vulnerability in the front-end of Bizlawyer eTalk Information Management Software. An...

6.9 AI score
Exploits 0