
8204 matches found

Prion
added 2019/07/25 7:15 p.m. | 14 views

Information disclosure

VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact eg. code execution or information disclosure. The component is: The header::addFILTERdescriptor method in header.cpp. The attack vector is: The victim must open a...

6.8 CVSS | 7.9 AI score | 0.01642 EPSS
Exploits 1 | References 2 | Affected Software 1
NVD
added 2019/07/25 2:15 p.m. | 21 views

CVE-2019-1010174

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: loadnetwork function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...

9.8 CVSS | 9.8 AI score | 0.04912 EPSS
Exploits 0 | References 3
Prion
added 2019/07/24 2:15 p.m. | 12 views

Sql injection

marginalia 1.6 is affected by: SQL Injection. The impact is: The impact is a injection of any SQL queries when a user controller argument is added as a component. The component is: Affects users that add a component that is user controller, for instance a parameter or a header. The attack vector...

7.5 CVSS | 9.7 AI score | 0.01381 EPSS
Exploits 0 | References 1 | Affected Software 1
Prion
added 2019/07/24 1:15 p.m. | 10 views

Design/Logic Flaw

mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1...

4.3 CVSS | 5.3 AI score | 0.00843 EPSS
Exploits 0 | References 2 | Affected Software 1
Prion
added 2019/07/24 12:15 p.m. | 20 views

Buffer overflow

Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation dependant upon conditions, shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is...

7.2 CVSS | 8.1 AI score | 0.00713 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2019/07/24 11:42 a.m. | 24 views

CVE-2019-1010163

Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation dependant upon conditions, shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is...

8.1 AI score | 0.00713 EPSS
Exploits 1 | References 3
NVD
added 2019/07/23 11:15 p.m. | 19 views

CVE-2019-2736

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows...

6.1 CVSS | 5.4 AI score | 0.01 EPSS
Exploits 0 | References 1
Vulnrichment
added 2019/07/23 10:31 p.m. | 10 views

CVE-2019-2844

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: LDAP Client Tools. The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to...

7 AI score | 0.00424 EPSS
Exploits 0 | References 1
Prion
added 2019/07/23 2:15 p.m. | 9 views

Design/Logic Flaw

Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox 68...

5.8 CVSS | 6.8 AI score | 0.01126 EPSS
Exploits 1 | References 7 | Affected Software 2
Cvelist
added 2019/07/23 1:35 p.m. | 21 views

CVE-2019-1010205

LINAGORA hublin latest commit 72ead897082403126bf8df9264e70f0a9de247ff is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file with a fixed extension on the server. The component is: A web-view renderer; details here:...

7.5 AI score | 0.02763 EPSS
Exploits 0 | References 1
CVE
added 2019/07/23 1:17 p.m. | 240 views

CVE-2019-11724

CVE-2019-11724 affects Mozilla Firefox prior to version 68. The issue is an access restriction bypass caused by application permissions that granted an unnecessary remote troubleshooting permission to input.mozilla.org, which has since retired and redirects elsewhere. Impact described across conn...

6.1 CVSS | 6.8 AI score | 0.01126 EPSS
Exploits 1 | References 7 | Affected Software 1
RedhatCVE
added 2019/07/23 8:21 a.m. | 30 views

CVE-2019-1010241

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...

6.5 CVSS | 5.4 AI score | 0.01468 EPSS
Exploits 1 | References 4
UbuntuCve
added 2019/07/22 6:15 p.m. | 32 views

CVE-2019-1010218

Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 Current stable is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv0 to an insane length with execl. The fixed version is: There's no fix ye...

7.5 CVSS | 7.1 AI score | 0.01352 EPSS
Exploits 1 | References 2
Cvelist
added 2019/07/22 5:30 p.m. | 17 views

CVE-2019-1010218

Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 Current stable is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv0 to an insane length with execl. The fixed version is: There's no fix ye...

7.6 AI score | 0.01352 EPSS
Exploits 1 | References 1
Cvelist
added 2019/07/22 5:30 p.m. | 25 views

CVE-2019-1010220

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "NDPRINTndo, "%s", buf;", in function named "printprefix", in "print-hncp.c". The attack vector is: The victim must open a...

6.3 AI score | 0.01348 EPSS
Exploits 0 | References 11
NVD
added 2019/07/22 4:15 p.m. | 16 views

CVE-2019-1010232

Juniper juniper/libslax libslax latest version as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5 Commits on Sep 1, 2018 is affected by: Buffer Overflow. The impact is: remote dos. The component is: slaxlexer.c:601funtion:slaxGetInput. The attack vector is: ./slaxproc --slax-to-xslt POC0...

6.5 CVSS | 6.6 AI score | 0.01047 EPSS
Exploits 1 | References 1
OSV
added 2019/07/22 4:15 p.m. | 14 views

CVE-2019-1010232

Juniper juniper/libslax libslax latest version as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5 Commits on Sep 1, 2018 is affected by: Buffer Overflow. The impact is: remote dos. The component is: slaxlexer.c:601funtion:slaxGetInput. The attack vector is: ./slaxproc --slax-to-xslt POC0...

6.5 CVSS | 7 AI score
Exploits 0 | References 1
NVD
added 2019/07/22 3:15 p.m. | 8 views

CVE-2019-1010237

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting XSS - CWE-79 Type 2: Stored XSS or Persistent. The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap attacker / Corrections vie...

6.1 CVSS | 5.9 AI score | 0.01662 EPSS
Exploits 0 | References 3
CNVD
added 2019/07/22 12:0 a.m. | 3 views

Microsoft Windows rpcss.dll Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows rpcss.dll. An attacker...

7.8 CVSS | 7.2 AI score | 0.0491 EPSS
Exploits 1 | References 1
OSV
added 2019/07/19 5:15 p.m. | 18 views

CVE-2019-1010241

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...

6.5 CVSS | 6.7 AI score
Exploits 0 | References 2