8213 matches found

CNVD
added 2019/12/12 12:0 a.m., 2 views

Extreme CMS has a logic flaw vulnerability

Extreme CMS is a website-building CMS written in PHP. Extreme CMS has a logic flaw vulnerability that can be exploited by attackers to cause any user to modify the article logic vulnerability...

AI score: 6.9
Exploits: 0

CNVD
added 2019/12/11 12:0 a.m., 2 views

DLL Hijacking Vulnerability in WeChat PC Client

WeChat is chat and social networking software from Shenzhen Tencent Computer System Co. A DLL hijacking vulnerability exists in the WeChat PC client, which can be exploited by attackers to execute malicious code...

AI score: 7.1
Exploits: 0

CNVD
added 2019/12/11 12:0 a.m., 1 views

Denial of Service Vulnerability in USR-TCP232-410S

There are people networking to the Internet of Things communication technology as the core, the launch of industrial communications, LPWAN and gateway, Internet of Things module, industrial control machine, network IO controller and other networking communication equipment, including...

AI score: 7
Exploits: 0

CNVD
added 2019/12/10 12:0 a.m., 1 views

File Upload Vulnerability in hybbs v2.3.2

HYBBS is a PHP website program that supports plugin extensions and template extensions. A file upload vulnerability exists in hybbs v2.3.2, which can be exploited by attackers to gain control of the web server...

AI score: 7.3
Exploits: 0

CNVD
added 2019/12/09 12:0 a.m., 5 views

Dell Command Configure Code Issue Vulnerability

Dell Command Configure is a Dell USA application that provides configuration capabilities for business client platforms. The program contains both a command line interface and a graphical user interface for configuring a variety of BIOS features. A code issue vulnerability exists in Dell Command...

CVSS: 7.1, AI score: 7.2, EPSS: 0.0034
Exploits: 0, References: 1

CNVD
added 2019/11/28 12:0 a.m., 1 views

Ansible nxos_file_copy module input validation error vulnerability

Ansible is a computer system configuration manager from the American company Ansible. The product can be used to distribute, manage, and program computer systems. nxos_file_copy is one of the modules that supports copying files to remote NXOS devices. An input validation error vulnerability exists ...

CVSS: 7.3, AI score: 8.4, EPSS: 0.00736
Exploits: 0, References: 1

CNVD
added 2019/11/27 12:0 a.m., 2 views

Ruby has an unspecified vulnerability

Ruby is a simple and fast object-oriented scripting language. An unspecified vulnerability exists in Ruby. An attacker can exploit this vulnerability to invoke arbitrary Ruby methods...

CVSS: 8.1, AI score: 6.1, EPSS: 0.04221
Exploits: 1, References: 1

OSV
added 2019/11/26 6:15 p.m., 1 views

DEBIAN-CVE-2019-16254

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

CVSS: 5.3, AI score: 9.4, EPSS: 0.04569
Exploits: 0, References: 1

Prion
added 2019/11/26 6:15 p.m., 30 views

Input validation

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

CVSS: 5, AI score: 6.5, EPSS: 0.0576
Exploits: 0, References: 16, Affected Software: 2

OSV
added 2019/11/26 4:15 a.m., 8 views

CVE-2011-4076

OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. A...

CVSS: 5.9, AI score: 5.5, EPSS: 0.01446
Exploits: 1, References: 13

CNVD
added 2019/11/26 12:0 a.m., 2 views

Unspecified Vulnerability in Blackview BV7000_Pro

The Blackview BV7000_Pro is a smartphone from Blackview of Hong Kong, China. A security vulnerability exists in the Blackview BV7000_Pro build fingerprint: Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys in the com.mediatek. A security vulnerability exists in the factorymode...

CVSS: 3.3, AI score: 6.8, EPSS: 0.00277
Exploits: 0, References: 1

Positive Technologies
added 2019/11/26 12:0 a.m., 2 views

PT-2019-15782 · Dolibarr · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr CRM/ERP version 10.0.3
Description: The issue allows for Stored XSS due to JavaScript execution in an SVG image used for a profile picture. This is specifically related to the "viewimage.php?file=" endpoint, where an attacker can...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00944
Exploits: 0, References: 10

CNVD
added 2019/11/25 12:0 a.m., 2 views

Denial of Service Vulnerability in Oceanis Browser

Maxthon is a multi-tab browser. A denial of service vulnerability exists in Maxthon Browser, which can be exploited by attackers to cause the program to crash...

AI score: 6.7
Exploits: 0

Hacker One
added 2019/11/21 4:27 p.m., 29 views

Nextcloud: Improper confidentiality protection of server-side encryption keys

This vulnerability is related to the Improper integrity protection of server-side encryption keys vulnerability but leverages a different attack vector. While the previous attack broke the confidentiality of encrypted files because the public keys are not integrity-protected, this new attack brea...

CVSS: 2.1, AI score: 0.1, EPSS: 0.0032
Exploits: 2

OSV
added 2019/11/20 1:33 a.m., 14 views

GHSA-H7QW-MXRM-C6H2 Unauthenticated crypto and weak IV in Magento\Framework\Encryption

The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00846
Exploits: 0, References: 5

ATTACKERKB
added 2019/11/18 6:15 a.m., 2 views

CVE-2019-19045

A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7...

CVSS: 4.9, AI score: 8.3, EPSS: 0.00556
Exploits: 0, References: 16

OSV
added 2019/11/18 6:15 a.m., 0 views

UBUNTU-CVE-2019-19045

A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7...

CVSS: 4.4, AI score: 6.7, EPSS: 0.00556
Exploits: 0, References: 10

Cvelist
added 2019/11/17 3:52 p.m., 23 views

CVE-2019-19035

jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file...

AI score: 5.6, EPSS: 0.01042
Exploits: 1, References: 4

UbuntuCve
added 2019/11/15 4:15 p.m., 43 views

CVE-2009-5047

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent...

AI score: 7
Exploits: 0, References: 1

RedhatCVE
added 2019/11/14 3:7 p.m., 22 views

CVE-2019-18680

A flaw was found in the Linux kernel's implementation of RDS over TCP. A system that has the rds_tcp kernel module that is loaded through an autoload via a local process running listen, or manual loading, could possibly cause a kernel panic. Mitigation: While this is a network protocol being...

CVSS: 7.8, AI score: 0.6, EPSS: 0.03638
Exploits: 1, References: 3