Amazon Linux AMI : libssh2 (ALAS-2019-1254)

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.CVE-2019-3855 An integer...

Important: libssh2

Issue Overview: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.CVE-2019-38...

NewStart CGSL MAIN 4.05 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0169)

The remote NewStart CGSL host, running version MAIN 4.05, has libssh2 packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker wh...

NewStart CGSL CORE 5.04 / MAIN 5.04 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0073)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libssh2 packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote...

ImageMagick <= 7.0.8-49 Multiple Vulnerabilities - Linux

ImageMagick is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-18469

cPanel before 62.0.17 allows demo accounts to execute code via an NVDatafetchinc API call SEC-233...

CVE-2017-18435

cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API SEC-238...

CVE-2018-20912

cPanel before 70.0.23 allows demo accounts to execute code via awstats SEC-362...

CVE-2019-14405

cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg SEC-487...

CVE-2019-1010237

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting XSS - CWE-79 Type 2: Stored XSS or Persistent. The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap attacker / Corrections vie...

CVE-2019-1010237

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting XSS - CWE-79 Type 2: Stored XSS or Persistent. The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap attacker / Corrections vie...

Cross site scripting

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting XSS - CWE-79 Type 2: Stored XSS or Persistent. The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap attacker / Corrections vie...

CVE-2019-1010237

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting XSS - CWE-79 Type 2: Stored XSS or Persistent. The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap attacker / Corrections vie...

Oracle VirtualBox WINED3DSIH_TEX Opcode Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handlin...

Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

CVE-2019-1010023

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstrea...

CVE-2019-1010023

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstrea...

CVE-2019-1010023

GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstrea...

JetBrains IntelliJ IDEA Ultimate Code Execution Vulnerability

JetBrains IntelliJ IDEA Ultimate is a Czech JetBrains integrated development environment for the Java language. A code execution vulnerability exists in JetBrains IntelliJ IDEA Ultimate. A remote attacker could exploit the vulnerability to execute code...

CVE-2019-10104

In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration for Tomcat, Jetty, Resin, or CloudBees with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of...