773 matches found
UBUNTU-CVE-2020-11880
An issue was discovered in KDE KMail before 19.12.3. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an...
CVE-2019-14011
Multiple read overflow issues due to an improper length check while decoding 3G attach accept / SMS / PDN connection reject / ESM data transport / bearer modify context reject in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,...
PVS Detach and Attach Write Cache Disk Drive Letter Changed
Detach and attach write cache disk, TD drive letter changes...
PT-2020-12913 · Gnome +2 · Gnome Evolution +2
Name of the Vulnerable Software and Affected Versions: GNOME Evolution versions prior to 3.35.91. Description: An issue was discovered where a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the...
CVE-2019-10516
CVE-2019-10516 is described as multiple read overflows in MM during decoding of service accept/reject and MT detach, affecting a broad list of Qualcomm Snapdragon platforms (e.g., APQ8009, APQ8017, SDM4xx, SM8x, SXR1130, and other Snapdragon lines). Root cause: read overflow in MM when decoding s...
Design/Logic Flaw
While processing an Attach Reject message, a valid exit condition is not met, resulting in an infinite loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017...
CVE-2019-2335
While processing an Attach Reject message, a valid exit condition is not met, resulting in an infinite loop in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017...
CVE-2015-9507
CVE-2015-9507 concerns the Easy Digital Downloads (EDD) Attach Accounts to Orders extension for WordPress. The vulnerability is an XSS flaw caused by the misused add_query_arg function in affected builds across multiple EDD versions (1.8.x before 1.8.7; 1.9.x before 1.9.10; 2.0.x before 2.0.5; 2....
PT-2019-7466 · Sandhills Development · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads (EDD) versions 1.8.x through 1.8.6; Easy Digital Downloads (EDD) versions 1.9.x through 1.9.9; Easy Digital Downloads (EDD) versions 2.0.x through 2.0.4; Easy Digital Downloads (EDD) versions 2.1.x through 2.1.10; Easy Digital...
CVE-2018-12539
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...
CVE-2019-12150
Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under the UltimateEditorInclude/UserFiles/ URI...
Arbitrary Code Execution
IBM JDK is vulnerable to arbitrary code execution. An insecure access restriction to the Attach API allows an attacker to connect to the affected resource and execute untrusted native code...
Remote Code Execution (RCE)
Nuclide is vulnerable to remote code execution (RCE). The vulnerability exists because the hostname parameter is not sanitized for invalid characters during hhvm-attach deep link handler requests, allowing malicious code to be entered via the parameter...
CVE-2018-6333
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This iss...
CVE-2018-6333
The CVE-2018-6333 issue affects Nuclide’s hhvm-attach deep link handler, where the hostname parameter was not properly sanitized when rendering, allowing a malicious URL to render HTML inside the editor and potentially chain to code execution. Affected releases are Nuclide prior to v0.290.0. Miti...
Signal Messenger for Android Message Disclosure Vulnerability
Signal Messenger for Android is an instant messaging application based on the Android platform with encryption features. An information disclosure vulnerability exists in Signal Messenger version 4.24.8 for Android, which is caused by the program retaining an image in its own cache directory when...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux - July 2018
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by Rational Developer for i and Rational Developer for AIX and Linux. These issues were disclosed as part of the IBM Java SDK updates in July 2018. CVE-2017-3736 CVE-2017-3732...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 used by IBM Security Guardium Data Redaction. IBM Security Guardium Data Redaction has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denia...