PT-2019-2637 · Jenkins · Jenkins Pipeline Remote Loader Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Remote Loader Plugin versions 1.4 and earlier Description: The issue is related to the custom whitelist for script security in the Jenkins Pipeline Remote Loader Plugin, which allowed attackers to invoke arbitrary methods and...

Fuji Electric Alpha7 PC Loader A7P File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Fuji Electric Alpha7. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Intel Dynamic Application Loader Buffer Overflow Vulnerability

Intel Dynamic Application Loader DAL is a dynamic application loader from Intel Corporation USA. It supports running Java code on CSME firmware. A buffer overflow vulnerability exists in the subsystem in Intel DAL versions prior to 12.0.35. The vulnerability stems from a networked system or produ...

ALPINE-CVE-2019-12218

An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a NULL pointer dereference in the SDL2image function IMGLoadPCXRW at IMGpcx.c...

DEBIAN-CVE-2019-12218

An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a NULL pointer dereference in the SDL2image function IMGLoadPCXRW at IMGpcx.c...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference. An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a NULL pointer dereference in the SDL2image function...

Simple DirectMedia Layer Code Issue Vulnerability

Simple DirectMedia Layer SDL is a multi-platform library for accessing low-level hardware and graphics and providing support for games, software and emulators. A code issue vulnerability exists in the libSDL2.a file in SDL version 2.0.9. The vulnerability arises from an improperly designed or...

CVE-2019-0086

Insufficient access control vulnerability in Dynamic Application Loader software for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access...

Improper access control

Insufficient access control vulnerability in Dynamic Application Loader software for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access...

CVE-2019-0086

Insufficient access control vulnerability in Dynamic Application Loader software for IntelR CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and IntelR TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access...

Fuji Electric Alpha7 PC Loader

1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: Low skill level to exploit Vendor: Fuji Electric Equipment: Alpha7 PC Loader Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The...

New Electrum DDoS botnet steals $4.6M after infecting 152,000 hosts

By Ryan De Souza The majority of the bots are located in Brazil and Peru but the number of victims is constantly increasing across diverse regions. Threat actors who previously targeted cryptocurrency wallets through Distributed Denial of Service DDoS attacks have now launched another malware...

EfiGuard - Disable PatchGuard And DSE At Boot Time

EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager, boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement DSE. Features Currently supports all EFI-compatible versions of Windows x64 ever released, from Vista SP1 to Server...

CVE-2017-7777

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::readglyph function...

DEBIAN-CVE-2017-7777

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::readglyph function...

CVE-2017-7777

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::readglyph function...

CVE-2017-7777

Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::readglyph function...

UBUNTU-CVE-2019-10877

In Teeworlds 0.7.2, there is an integer overflow in CMap::Load in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled...

Code injection

TZ App dynamic allocations not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / ...

CVE-2018-11970

CVE-2018-11970 affects Qualcomm Snapdragon platforms (Auto/Compute/CE Connectivity/IOT/Industrial IOT/Mobile including MDM9xxx, QCS605, SD family) where TZ App dynamic allocations are not protected from the XBL loader. Root cause per CVE notes is unprotected dynamic allocations in the TZ app with...