Lucene search

536 matches found

RedHat Linux
added 2020/06/18 9:12 p.m. · 4 views

libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access restrictions

libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument...

7.5 CVSS · 7.3 AI score · 0.0245 EPSS
Exploits: 0 · References: 4

CNVD
added 2020/06/18 12:0 a.m. · 4 views

Unspecified Vulnerability in LibVNCServer (CNVD-2020-36785)

LibVNCServer is a cross-platform C library that supports the implementation of VNC Virtual Network Computing server or client functionality in programs. A security vulnerability exists in LibVNCServer versions prior to 0.9.13. The vulnerability can be exploited by an attacker to access byte-align...

7.5 CVSS · 9.2 AI score · 0.02802 EPSS
Exploits: 0 · References: 1

CNVD
added 2020/05/28 12:0 a.m. · 1 views

Anchore Engine Command Execution Vulnerability

Anchore Engine is an open source service from US-based Anchore that analyzes Docker images and applies user-defined acceptance policies to allow automated container image validation and authentication. A security vulnerability exists in Anchore Engine version 0.7.0. An attacker can exploit the...

9.9 CVSS · 7.1 AI score · 0.01836 EPSS
Exploits: 0 · References: 1

RedHat Linux
added 2020/05/18 10:24 a.m. · 6 views

thrift: Endless loop when feed with specific input data

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...

7.8 CVSS · 7.3 AI score · 0.09082 EPSS
Exploits: 0 · References: 4

OSV
added 2020/04/24 1:15 a.m. · 1 views

UBUNTU-CVE-2020-12135

bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space parameter bytesNeeded could have an integer overflow via properly constructed bson input...

5.5 CVSS · 6.1 AI score · 0.01165 EPSS
Exploits: 1 · References: 5

CNVD
added 2020/04/08 12:0 a.m. · 1 views

express-mock-middleware input validation error vulnerability

express-mock-middleware is a mock middleware. An input validation error vulnerability exists in express-mock-middleware version 0.0.6 and earlier. The vulnerability stems from a network system or product that does not properly validate input data. No detailed vulnerability details are provided at...

5.3 CVSS · 7 AI score · 0.01243 EPSS
Exploits: 1 · References: 1

CNVD
added 2020/03/31 12:0 a.m. · 3 views

odata4j sql injection vulnerability (CNVD-2020-24024)

odata4j is a new open source toolkit. A SQL injection vulnerability exists in odata4j version 0.7.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit the vulnerability to execute illegal SQL commands...

9.8 CVSS · 9.8 AI score · 0.01365 EPSS
Exploits: 0

CNVD
added 2020/03/31 12:0 a.m. · 4 views

odata4j sql injection vulnerability

odata4j is a new open source toolkit. A SQL injection vulnerability exists in odata4j version 0.7.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit the vulnerability to execute illegal SQL commands...

9.8 CVSS · 9.8 AI score · 0.01365 EPSS
Exploits: 0

CNVD
added 2020/01/20 12:0 a.m. · 2 views

lodash input validation error vulnerability

lodash is an open source JavaScript utility library. An input validation error vulnerability exists in lodash version 0.0.1 for Node.js. The vulnerability stems from a network system or product that does not properly validate input data. No details of the vulnerability are provided at this time...

9.3 CVSS · 6.9 AI score · 0.01257 EPSS
Exploits: 0 · References: 1

CNVD
added 2019/12/16 12:0 a.m. · 2 views

samurai heap buffer overflow vulnerability

samurai is a ninja-compatible build tool written in C. It can be used in a variety of ways, including. A buffer overflow vulnerability exists in the 'canonpath' function of the util.c file in samurai version 0.7. The vulnerability stems from a networked system or product performing operations in...

7.8 CVSS · 7.3 AI score · 0.00778 EPSS
Exploits: 1 · References: 1

CNVD
added 2019/11/06 12:0 a.m. · 2 views

Particl denial of service vulnerability

Particl is a trading system that uses cryptocurrencies. A security vulnerability exists in particl 0.17 and earlier versions. An attacker could exploit the vulnerability to cause a denial of service...

7.5 CVSS · 6.7 AI score · 0.01296 EPSS
Exploits: 0 · References: 1

CNVD
added 2019/10/29 12:0 a.m. · 2 views

Qtum Resource Management Error Vulnerability

Qtum is a suite of open source blockchain application platforms. A resource management error vulnerability exists in Qtum 0.16 and earlier versions that can be exploited by an attacker to cause a denial of service...

7.5 CVSS · 6.7 AI score · 0.01296 EPSS
Exploits: 0 · References: 1

OSV
added 2019/10/16 5:41 a.m. · 6 views

OPENSUSE-SU-2019:2319-1 Security update for libopenmpt

This update for libopenmpt to version 0.3.19 fixes the following issues:
- CVE-2019-17113: Fixed a buffer overflow in ModPlug_InstrumentName and ModPlug_SampleName (bsc#1153102).
This update was imported from the SUSE:SLE-15:Update update project...

9.8 CVSS · 9.8 AI score · 0.02701 EPSS
Exploits: 0 · References: 3

OSV
added 2019/09/08 3:15 a.m. · 2 views

DEBIAN-CVE-2019-16095

Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c...

7.5 CVSS · 6.7 AI score · 0.01347 EPSS
Exploits: 0 · References: 1

CNVD
added 2019/08/28 12:0 a.m. · 3 views

PrestaShop ICOMMKT connector SQL Injection Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image zoom and other features. ICOMMKT connector is used in one of the ICOMMK connector. A SQL injection vulnerability...

9.8 CVSS · 8.1 AI score · 0.01451 EPSS
Exploits: 0 · References: 1

OSV
added 2019/06/10 11:29 p.m. · 3 views

CVE-2019-10226

HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is a XSS protection...

5.4 CVSS · 6 AI score
Exploits: 0 · References: 5

Positive Technologies
added 2019/04/18 12:0 a.m. · 4 views

PT-2019-11704 · Jenkins · Jenkins Jira-Ext Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins jira-ext Plugin versions 0.8 and earlier
Description: The issue concerns the storage of credentials in the global configuration file on the Jenkins master. Specifically, credentials are stored unencrypted in the file...

8.8 CVSS · 8.5 AI score · 0.01373 EPSS
Exploits: 0 · References: 6

CNVD
added 2019/03/14 12:0 a.m. · 5 views

GNU LibreDWG Buffer Overflow Vulnerability (CNVD-2019-12557)

GNU LibreDWG is a GNU Project C library for working with DWG files. A buffer overflow vulnerability exists in the 'dwg_dxf_BLOCK_CONTROL' function of the dwg.spec file in GNU LibreDWG version 0.7 and 0.7.1645. An attacker could exploit this vulnerability to cause a denial of service or disclose...

9.1 CVSS · 7.2 AI score · 0.02968 EPSS
Exploits: 1 · References: 1

CNVD
added 2019/03/14 12:0 a.m. · 3 views

GNU LibreDWG Heap Buffer Overflow Vulnerability

GNU LibreDWG is a GNU Project C library for working with DWG files. A buffer overflow vulnerability exists in the 'dwg_decode_eed_data' function of the decode.c file in GNU LibreDWG version 0.7 and version 0.7.1645. An attacker could exploit this vulnerability to cause a denial of service...

7.5 CVSS · 7.2 AI score · 0.02906 EPSS
Exploits: 1 · References: 1

CNVD
added 2019/03/14 12:0 a.m. · 7 views

GNU LibreDWG null pointer dereference vulnerability (CNVD-2019-12558)

GNU LibreDWG is a GNU Project C library for working with DWG files. A null pointer dereference vulnerability exists in the 'dwg_dxf_LTYPE' function of the dwg.spec file in GNU LibreDWG version 0.7 and 0.7.1645. An attacker could exploit this vulnerability to cause a denial of service...

7.5 CVSS · 6.8 AI score · 0.02772 EPSS
Exploits: 1 · References: 1