8213 matches found
Microsoft Windows win32k Information Disclosure Vulnerability (CNVD-2019-41636)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is a suite of operating systems for use on personal devices. Microsoft Windows Server is a suite of server operating systems. win32k is the kernel part of one of the Windows subsystem...
Microsoft Excel Information Disclosure Vulnerability (CNVD-2020-20381)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel. An attacker can exploit this vulnerability by tricking a user into opening a specially crafted document file to obtain sensitive...
Siemens Desigo PX 6.00 Denial Of Service
#!/bin/bash Siemens Desigo PX V6.00 Web Remote Denial of Service Exploit Vendor: Siemens AG Vendor web page: https://www.siemens.com Product web page: https://new.siemens.com/global/en/products/buildings/automation/desigo.html Affected version: Model: PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D...
WordPress safe-svg denial of service vulnerability (CNVD-2019-41508)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. safe-svg is an SVG (Scalable Vector Graphics) upload plugin used in it. A denial of service vulnerability exists in WordPress safe-svg...
TYPO3 cross-site scripting vulnerability (CNVD-2019-41233)
TYPO3 is a free and open source content management system and framework (CMS/CMF) from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 versions prior to 4.3.12, 4.4.x prior to 4.4.9 and 4.5.x prior to 4.5.4. The vulnerability stems from a lack of proper validation of...
CVE-2019-18856
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled...
darylldoyle svg-sanitizer input validation error vulnerability
darylldoyle svg-sanitizer is an SVG format file cleaning tool. An input validation error vulnerability exists in versions of darylldoyle svg-sanitizer prior to 0.12.0. No vulnerability details are provided at this time...
Drupal SVG Sanitizer Denial of Service Vulnerability
Drupal is an open source content management system developed by the Drupal community in PHP. SVG Sanitizer is one of its modules, used for cleaning SVG format files. A denial of service vulnerability exists in Drupal SVG Sanitizer 8.x-1.0-alpha1 and earlier versions, which can be...
CVE-2019-18812
A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef...
CVE-2019-13080
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via an SVG image and HTML file that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser...
Mozilla Firefox ESR < 24.7 Multiple Vulnerabilities
Binary data 701240.prm...
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Digital Error Vulnerability
Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliances Software (ASA Software) are both products of Cisco, Inc. Cisco Firepower Threat Defense is a set of unified software that provides next-generation firewall services. Defense is a set of unified software to provide...
DEBIAN-CVE-2018-21030
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
Honeywell equIP and Performance Series IP Cameras
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: equIP series and Performance series IP cameras Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability...
Android Malware Plaguing 45K Devices Remains a Mystery
Researchers are on the hunt for the infection vector behind a mysterious mobile malware that has infected over 45,000 Android devices in the past six months. Researchers said they have detected a surge in detections of the malware, dubbed Xhelper, which can hide itself from users, download...
CVE-2019-9757
An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read...
Privilege escalation
An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this...
CVE-2002-2439
operator new sometimes returns pointers to heap blocks which are too small. When a new array is allocated, the C++ run-time has to calculate its size. The product may exceed the maximum value which can be stored in a machine register. This error is ignored, and the truncated value is used for the...
CVE-2019-10465
A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...
Unspecified Vulnerability in CloudBees Jenkins iceScrum Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. iceScrum Plugin is used in which a projec...