SVG++ Buffer Overflow Vulnerability
SVG++ (aka Ssvgpp) is a C++ framework that includes an SVG syntax parser, adapters for handling parsed data, and various utilities. Anti-Grain Geometry (AGG) is a 2D rendering library used in it...
Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection
Advisory ID: SYSS-2018-012; Product: PORTIER; Affected Versions: 4.4.4.2, 4.4.4.6; Tested Versions: 4.4.4.2, 4.4.4.6; Vulnerability Type: SQL Injection (CWE-89); Risk Level: HIGH; Solution Status: Open...
PORTIER 4.4.4.2 / 4.4.4.6 SQL Injection
Advisory ID: SYSS-2018-012; Product: PORTIER; Affected Versions: 4.4.4.2, 4.4.4.6; Tested Versions: 4.4.4.2, 4.4.4.6; Vulnerability Type: SQL Injection (CWE-89); Risk Level: HIGH; Solution Status: Open; Manufacturer Notification: 2018-06-13; Solution Date: -...
AudioCode 400HD Cross Site scripting
CVE-2018-10091: Stored XSS vulnerabilities in AudioCode IP phones. Description: The AudioCodes 400HD series of IP phones is a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. Most of user inputs in the CG...
UBUNTU-CVE-2019-6131
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool...
Phishing Tactic Hides Tracks with Custom Fonts
An insidious phishing method evades detection using a never-before-seen technique that leverages custom fonts to cover its tracks. Researchers at Proofpoint recently discovered an active credential harvesting phishing scheme. Once a victim has clicked on the initial phishing email, the resulting...
Rhymix CMS Cross-Site Scripting Vulnerability
Rhymix CMS is a PHP-based content management system (CMS). A cross-site scripting vulnerability exists in the index.php?module=admin&act=dispModuleAdminFileBox page in Rhymix CMS version 1.9.8.1, which can be exploited by remote attackers to inject arbitrary web script or HTML by uploading a...
CVE-2017-18330
Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD...
Buffer overflow
Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD...
CVE-2017-18330
Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD...
Fedora 28 : libxkbcommon (2018-4295467df0)
libxkbcommon 0.8.2, CVE-2018-15853 to 15864. These fix a number of memory handling issues with xkbcommon. Together with the keymap FD handling in various Wayland compositors (keymaps could be mapped rw and clients could thus replace the content), libxkbcommon's memory issues could serve as attack...
Kirby Cross-Site Scripting Vulnerability (CNVD-2019-03334)
Kirby is a document-based content management system (CMS). A cross-site scripting vulnerability exists in Kirby version 2.5.12. The vulnerability can be exploited by a remote attacker to upload SVG files using the "site files" Add option...
Digia Qt Segmentation Error Vulnerability
Digia Qt is a cross-platform C++ application development framework from Digia Finland. The framework can be used to develop GUI programs. A security vulnerability exists in the qsvghandler.cpp file in Digia Qt versions prior to 5.11.3. An attacker can exploit this vulnerability to cause a denial ...
DEBIAN-CVE-2018-19869
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp...
UBUNTU-CVE-2018-19869
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp...
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read Exploit
Exploit for Windows platform in category local exploits. The bug is in “MsiAdvertiseProduct”. Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done while...
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read
The bug is in “MsiAdvertiseProduct”. Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done...
CVE-2018-17195
The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access,...
jenkins: Reflected XSS vulnerability
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins...
SS-2018-019: Possible denial of service attack vector when flushing
More info at https://www.silverstripe.org/download/security-releases/ss-2018-019/...