CVE-2018-19392
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password including the default "admin" account, without prior knowledge of their password. All that is required is knowledge of the...
SAP J2EE Engine Cross-Site Scripting Vulnerability (CNVD-2019-07213)
SAP J2EE Engine is a set of runtime environments for J2EE applications. A cross-site scripting vulnerability exists in SAP J2EE Engine. An attacker can exploit the vulnerability to conduct a cross-site scripting attack...
CVE-2019-9737
Editor.md 1.5.0 has DOM-based XSS via vectors involving the 'EMBED SRC="data:image/svg+xml' substring...
Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes
A previously unknown bug in Microsoft Windows would allow an attacker to spoof Windows dialog boxes that surface when making changes to the Windows registry. This would allow an adversary to plant malware or make other nefarious changes in the registry while getting around Windows’ built-in...
Information disclosure
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are:...
CVE-2018-19636
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges...
Denial of Service Vulnerability in KingView 6.60 SP3
KingView is an industrial automation configuration software produced by Beijing Asian Control Technology Development Co. A denial of service vulnerability exists in KingView 6.60 SP3. The vulnerability stems from a failure to validate the SVG format, which can be exploited by an attacker to cause...
gdal/gdal_vector_translate_fuzzer: Heap-use-after-free in VSIFCloseL
Project: https://github.com/OSGeo/gdal.git
Detailed report: https://oss-fuzz.com/testcase?key=5767757281361920
Project: gdal
Fuzzer: afl_gdal_vector_translate_fuzzer
Fuzz target binary: gdal_vector_translate_fuzzer
Job Type: afl_asan_gdal
Platform Id: linux
Crash Type: Heap-use-after-free READ 8
Crash...
Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters...
HDF HDF5 out-of-bounds read vulnerability (CNVD-2019-42550)
HDF5 is a data model, library, and file format for storing and managing data. An out-of-bounds read vulnerability exists in the H5VM_memcpyvv function in H5VM.c in HDF HDF5 1.10.4 when called from H5D__compact_readvv in H5Dcompact.c. An attacker can exploit this vulnerability to obtain information...
A vulnerability in the GnuTLS cryptographic library, caused by an error in verifying decrypted RSA data, allows an attacker to gain access to protected information.
The vulnerability in the GnuTLS cryptographic library is caused by an error in the verification of decrypted RSA data. Exploiting this vulnerability could allow an attacker to gain access to protected information by using a cache side channel...
DEBIAN-CVE-2019-9151
An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c...
CVE-2013-7469
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...
DEBIAN-CVE-2013-7469
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...
UBUNTU-CVE-2013-7469
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...
A vulnerability in the Linux kernel that allows an attacker to cause a denial of service
The vulnerability in the Linux kernel is caused by a buffer overflow. Exploiting this vulnerability can allow an attacker to cause a denial of service...
DEBIAN-CVE-2019-5757
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...
Code injection
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...
CVE-2019-8341
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and...
Multiple Lexmark Product Input Validation Vulnerabilities
Lexmark is an American developer and manufacturer of printers. An input validation vulnerability exists in multiple Lexmark products, which could be exploited by an attacker to perform a delete operation...