540 matches found
PT-2019-11704 · Jenkins · Jenkins Jira-Ext Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins jira-ext Plugin versions 0.8 and earlier Description: The issue concerns the storage of credentials in the global configuration file on the Jenkins master. Specifically, credentials are stored unencrypted in the file...
GNU LibreDWG Heap Buffer Overflow Vulnerability
GNU LibreDWG is a GNU Project C library for working with DWG files. A buffer overflow vulnerability exists in the 'dwgdecodeeeddata' function of the decode.c file in GNU LibreDWG version 0.7 and version 0.7.1645. An attacker could exploit this vulnerability to cause a denial of service...
GNU LibreDWG Buffer Overflow Vulnerability (CNVD-2019-12557)
GNU LibreDWG is a GNU Project C library for working with DWG files. A buffer overflow vulnerability exists in the 'dwgdxfBLOCKCONTROL' function of the dwg.spec file in GNU LibreDWG version 0.7 and 0.7.1645. An attacker could exploit this vulnerability to cause a denial of service or disclose...
GNU LibreDWG null pointer back-reference vulnerability (CNVD-2019-12558)
GNU LibreDWG is a GNU Project C library for working with DWG files. A null pointer back-reference vulnerability exists in the 'dwgdxfLTYPE' function of the dwg.spec file in GNU LibreDWG version 0.7 and 0.7.1645. An attacker could exploit this vulnerability to cause a denial of service...
OpenSC Memory Leak Vulnerability
OpenSC is an open source smart card tool and middleware. A security vulnerability exists in the 'sccontextcreate' function in the ctx.c file of libopensc in OpenSC version 0.19.0. An attacker can exploit this vulnerability to cause a denial of service memory leak...
yaml-cpp denial of service vulnerability (CNVD-2019-01859)
yaml-cpp aka LibYaml-C++ is a C++ parser for use in YAML. A security vulnerability exists in the YAML::SingleDocParser of the singledocparser.cpp file in yaml-cpp version 0.6.2. A remote attacker can exploit this vulnerability to cause a denial of service with the help of the cpp file...
Cloud Foundry Container Runtime Information Disclosure Vulnerability
Cloud Foundry Container Runtime is a system from the US-based Cloud Foundry Foundation that provides a unified way to instantiate, deploy, and manage Kubernetes clusters. An information disclosure vulnerability exists in Cloud Foundry Container Runtime kubo-release prior to version 0.14.0, which...
xunfeng Command Injection Vulnerability
xunfeng is a rapid vulnerability response and asset scanning system for enterprise intranets. A command injection vulnerability exists in xunfeng version 0.2.0, which stems from the failure of the masscan.py file to properly handle backquote characters and can be exploited by an attacker to execu...
PT-2018-16250 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: The issue arises from the device's incorrect handling of spaces in the URL field of the smart cameras RTSP configuration, leading to an arbitrary operating system command...
crud-file-server node module path traversal vulnerability
The crud-file-server node module is a file server that supports create, read, update and delete functions. A path traversal vulnerability exists in the crud-file-server node module prior to version 0.9.0, which stems from the program's failure to properly verify the url, and can be exploited by a...
elfutils 'ebl_dynamic_tag_name' function buffer overflow vulnerability
elfutils is a collection of utilities and libraries for reading, creating and modifying ELF binaries. A buffer overflow vulnerability exists in the 'ebldynamictagname' function of the libebl/ebldynamictagname.c file in elfutils version 0.170, which stems from the program's lack of support for...
ArsenoL vulnerable to cross-site scripting
Overview ArsenoL provided by FlaFla... is software that can be downloaded from the Internet. ArsenoL is a dictionay software that is placed on a website used to post words and their meanings. ArsenoL contains a cross-site scripting vulnerability CWE-79 where an arbitrary script may be executed wh...
Western Bridge Cobub Razor Cross-Site Request Forgery Vulnerability
Western Bridge Cobub Razor is an open source mobile application analytics system. The system can provide users with detailed multi-dimensional reports and monitor their mobile applications and applications user behavior statistics. A cross-site request forgery vulnerability exists in Western Brid...
UBUNTU-CVE-2018-7752
GPAC through 0.7.1 has a Buffer Overflow in the gfmediaavcreadsps function in mediatools/avparsers.c, a different vulnerability than CVE-2018-1000100...
CVE-2012-6709
ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation...
Exiv2 'readHeader' Function Denial of Service Vulnerability
Exiv2 is a set of C++ libraries and command line applications for managing image metadata by software developer Andreas Huggel, which provides fast and easy reading and writing of image metadata in a variety of EXIF, IPTC and XMP formats. A security vulnerability exists in the 'readHeader' functi...
UBUNTU-CVE-2017-16883
The outputSWFTEXTRECORD function in util/outputscript.c in libming = 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file...
PYSEC-2017-134
There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack...
Lemur has an unspecified vulnerability
Lemur is a Python based TLS certificate management tool. A security vulnerability exists in Lemur version 0.1.4, which stems from the program's failure to use a random IV when encrypting AES.No detailed information about the vulnerability is currently available...
PT-2017-12152 · Sipcrack +1 · Sipcrack +1
Name of the Vulnerable Software and Affected Versions: SIPcrack version 0.2 Description: A memory leak was discovered in the way SIPcrack handles SIP traffic processing due to mismanagement of a lines array. This issue could allow a remote attacker to potentially crash long-running sipdump networ...