6810 matches found

NCSC
added 2019/08/01 12:00 a.m. | 3 views

Vulnerability fixed in OpenSSL

The developers of OpenSSL have mitigated a vulnerability. In some implementations of OpenSSL, the configuration file and possibly the OpenSSL executables can be modified by a local malicious user who is logged in. The developers indicate that the number of...

CVSS 3.3 | AI score 6.4 | EPSS 0.00072
Exploits: 0

NVD
added 2019/07/31 11:15 p.m. | 11 views

CVE-2019-10181

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox...

CVSS 8.1 | AI score 6.9 | EPSS 0.0039
Exploits: 0 | References: 8

OSV
added 2019/07/31 11:15 p.m. | 1 view

DEBIAN-CVE-2019-10181

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox...

CVSS 8.1 | AI score 7 | EPSS 0.0039
Exploits: 0 | References: 1

Prion
added 2019/07/31 11:15 p.m. | 18 views

Code injection

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox...

CVSS 6.8 | AI score 8 | EPSS 0.0039
Exploits: 0 | References: 8 | Affected Software: 3

CNVD
added 2019/07/31 12:00 a.m. | 2 views

Exe hijacking vulnerability in FireWool security software

Firedown Security is a computer security software. FireFlush Security Software suffers from an exe hijacking vulnerability that can be exploited by an attacker to execute arbitrary code on the victim's machine...

AI score 7.8
Exploits: 0

OSV
added 2019/07/27 7:15 p.m. | 1 view

DEBIAN-CVE-2019-14295

An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory...

CVSS 5.5 | AI score 6.1 | EPSS 0.00245
Exploits: 1 | References: 1

CVE
added 2019/07/27 6:40 p.m. | 71 views

CVE-2019-14295

CVE-2019-14295 affects UPX 3.95: an Integer overflow in getElfSections (p_vmlinx.cpp) can cause a DoS crash by allocating excessive memory when a crafted skewed offset exceeds the PE section size in a UPX-packed executable. Related CVE-2019-14296 canUnpack in the same file may cause SEGV/buffer o...

CVSS 5.5 | AI score 6 | EPSS 0.00245
Exploits: 1 | References: 3 | Affected Software: 1

Debian CVE
added 2019/07/27 6:40 p.m. | 18 views

CVE-2019-14295

An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory...

CVSS 5.5 | AI score 6.3 | EPSS 0.00245
Exploits: 1

OSV
added 2019/07/24 1:15 p.m. | 0 views

DEBIAN-CVE-2019-1010180

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet...

CVSS 7.8 | AI score 6.8 | EPSS 0.00288
Exploits: 1 | References: 1

NVD
added 2019/07/23 2:15 p.m. | 11 views

CVE-2019-11696

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...

CVSS 7.8 | AI score 6.9 | EPSS 0.00158
Exploits: 1 | References: 2

OSV
added 2019/07/23 2:15 p.m. | 11 views

CVE-2019-1010209

GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unauthorized Attacker can upload executable file in website. The component is: gourl.phpL5637. The fixed version is: 1.4.14...

CVSS 7.5 | AI score 6.9
Exploits: 0 | References: 3

Prion
added 2019/07/23 2:15 p.m. | 22 views

Code injection

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...

CVSS 6.8 | AI score 7.6 | EPSS 0.00158
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2019/07/23 2:15 p.m. | 14 views

Code injection

GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unauthorized Attacker can upload executable file in website. The component is: gourl.phpL5637. The fixed version is: 1.4.14...

CVSS 5 | AI score 7.6 | EPSS 0.00875
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2019/07/23 1:22 p.m. | 16 views

CVE-2019-11696

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...

AI score 4.8 | EPSS 0.00158
Exploits: 1 | References: 2

Debian CVE
added 2019/07/23 1:22 p.m. | 24 views

CVE-2019-11696

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...

CVSS 7.8 | AI score 8.6 | EPSS 0.00158
Exploits: 1

CVE
added 2019/07/23 1:22 p.m. | 153 views

CVE-2019-11696

CVE-2019-11696 affects Mozilla Firefox before 67.0. Files with the .JNLP extension used for Java Web Start are not treated as executable content during download prompts, yet they can be executed if Java is present, enabling a user to inadvertently launch a local executable. Impact details in conn...

CVSS 7.8 | AI score 4.7 | EPSS 0.00158
Exploits: 1 | References: 2 | Affected Software: 1

Tenable Nessus
added 2019/07/23 12:00 a.m. | 23 views

EulerOS 2.0 SP5 : libffi (EulerOS-SA-2019-1756)

According to the version of the libffi packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that...

CVSS 7 | AI score 8.1 | EPSS 0.02426
Exploits: 0 | References: 2

CNVD
added 2019/07/22 12:00 a.m. | 2 views

Avast Antivirus Local Denial of Service Vulnerability

Avast Antivirus is a suite of antivirus software from the Czech company Avast. A security vulnerability exists in Avast Antivirus versions prior to 19.4. The vulnerability can be exploited to bypass the Avast self-protection mechanism and rename important binary files e.g. AvastSvc.exe file,...

CVSS 4.4 | AI score 6.8 | EPSS 0.00082
Exploits: 1 | References: 1

CNVD
added 2019/07/22 12:00 a.m. | 2 views

Citrix Systems SD-WAN Center and NetScaler SD-WAN Center Command Injection Vulnerabilities

Citrix Systems SD-WAN Center is a centralized management system from Citrix Systems USA. The system is primarily used to configure, monitor and analyze all Citrix SD-WAN devices on the WAN. A command injection vulnerability exists in Citrix Systems SD-WAN Center versions 10.2.x prior to 10.2.3 an...

CVSS 10 | AI score 7.7 | EPSS 0.91303
Exploits: 1 | References: 1

OSV
added 2019/07/19 4:15 p.m. | 15 views

CVE-2019-1010101

Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable ALL executables available. The attack vector is: CWE-29, CWE-377, CWE-379...

CVSS 9.8 | AI score 8
Exploits: 0 | References: 1