CVE-2019-2769

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

CVE-2019-2774

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

CVE-2019-5052

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a...

Privilege escalation

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Temp directory in GOG Galaxy 1.2.48.36 Windows 64-bit Installer. An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with...

Stack overflow

An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...

Design/Logic Flaw

An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability...

Null pointer dereference

An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot...

CVE-2018-4027

An exploitable denial-of-service vulnerability exists in the XMLUploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any physical or...

CVE-2018-4028

An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POS...

Rockwell Automation Micrologix 1400 <= 21.2 Ladder Logic Overwrite

Binary data 720216.prm...

CVE-2018-4067

An exploitable information disclosure vulnerability exists in the ACEManager templateload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an...

CVE-2018-4061

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP reque...

CVE-2019-2721

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVE-2019-2681

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

CVE-2019-2652

CVE-2019-2652 affects Oracle E-Business Suite iStore, Shopping Cart subcomponent. Vulnerable in supported E-Business Suite versions 12.1.1–12.2.8; attack surface is Oracle iStore via HTTP. The vulnerability allows an unauthenticated remote attacker with network access to compromise iStore and may...

CVE-2019-2618

CVE-2019-2618 affects Oracle WebLogic Server (WLS Core Components) in Oracle Fusion Middleware. Affected versions: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0. The issue is a directory traversal/file-upload flaw that can permit a high-privileged, unauthenticated or authenticated attacker over HTTP to writ...

CVE-2019-2581

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

Privilege escalation

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug...

CVE-2018-4006

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker wou...

drupal -- Drupal core - Moderately critical

Drupal Security Team reports: CVE-2019-10909: Escape validation messages in the PHP templating engine. CVE-2019-10910: Check service IDs are valid. CVE-2019-10911: Add a separator in the remember me cookie hash. jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtrue...