Security Bulletin: IBM PureData System for Operational Analytics is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)
Summary: Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details: CVE-ID: CVE-2014-0160. Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerabilit...
CVE-2019-16519
ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks...
NetApp SnapManager for Oracle CVE-2019-5507 Unspecified Local Information Disclosure Vulnerability
Description: NetApp SnapManager for Oracle is prone to an unspecified local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information or perform unauthorized actions on data. Versions prior to NetApp SnapManager for Oracle 3.4.2P1 are vulnerable...
CVE-2019-16253
Samsung Text-to-Speech (SamsungTTS) prior to 3.0.02.7 and 3.0.00.101 on Android is vulnerable to local privilege escalation. The issue stems from how SamsungTTS handles data from the TTS engine and debugging/package-manager flags, allowing a local attacker to obtain system privileges (UID 1000) o...
CVE-2019-16714
In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized...
CVE-2019-11166
Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack...
Input validation
Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack...
USN-4133-1 Wireshark vulnerabilities
It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file...
CVE-2019-11769
CVE-2019-11769 affects TeamViewer 14.2.2558. The issue arises when updating as a non-administrative user, where GUI-entered administrative credentials are processed in Teamviewer.exe and can be intercepted in cleartext in the non-admin process memory. This enables a local attacker to obtain crede...
CVE-2019-9445
In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation...
CVE-2019-12622
A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging i...
NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String
There is an info leak when decoding the SGBigUTF8String class using SGBigUTF8String initWithCoder:. This class initializes the string using SGBigUTF8String initWithUTF8DataNullTerminated: even though there is no guarantee the bytes provided to the decoder are null terminated. It should use...
CVE-2019-1010189
mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1...
DEBIAN-CVE-2019-1010189
mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1...
UBUNTU-CVE-2019-1010189
mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1...
DEBIAN-CVE-2019-1010190
mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1...
Design/Logic Flaw
mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1...
PT-2019-11501 · Mgetty +1 · Mgetty +1
Name of the Vulnerable Software and Affected Versions: mgetty versions prior to 1.2.1. Description: The issue is related to an infinite loop, which can cause a denial of service (DoS) as the program never terminates. This is due to a problem in the g3/g32pbm.c component. The attack vector is local,...