Lucene search

2033 matches found

CNVD
added 2019/08/27 12:0 a.m. · 2 views

Google Android Denial of Service Vulnerability (CNVD-2019-41026)

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. A denial of service vulnerability exists in System in Android Q. An attacker can exploit this vulnerability to cause a denial of service...

7.5 CVSS · 6.7 AI score · 0.00797 EPSS
Exploits 0 · References 1
CNVD
added 2019/08/27 12:0 a.m. · 1 views

Remote Command Execution Vulnerability in Coremail Argumenter Client

Coremail client Mailbox For Windows is a mail client of coremail, which fully supports the synchronization of Coremail account data and has a better application experience. A remote command execution vulnerability exists in Coremail Lobbyist Client. An attacker can exploit the vulnerability to...

7.8 AI score
Exploits 0
exploitpack
added 2019/08/26 12:0 a.m. · 20 views

WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection

WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection Exploit Title: Wordpress Plugin Import Export WordPress Users = 1.3.1 - CSV Injection Exploit Author: Javier Olmedo Contact: @jjavierolmedo Website: https://sidertia.com Date: 2018-08-22 Google Dork:...

6 CVSS · 0.05141 EPSS
Exploits 5
Prion
added 2019/08/22 4:15 p.m. · 9 views

Input validation

Improper Verification of a Cryptographic Signature in OpenPGP.js =4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature...

5 CVSS · 7.4 AI score · 0.02013 EPSS
Exploits 1 · References 6 · Affected Software 1
CNVD
added 2019/08/22 12:0 a.m. · 2 views

WordPress user-role plugin cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. user-role is a plug-in for website user management. A cross-site scripting vulnerability exists in the WordPress user-role plugin...

6.1 CVSS · 6.2 AI score · 0.0139 EPSS
Exploits 1 · References 1
Positive Technologies
added 2019/08/21 12:0 a.m. · 2 views

PT-2019-3022 · Cisco · Cisco Ucs Director Express For Big Data +2

Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller IMC Supervisor versions affected versions not specified Cisco UCS Director versions affected versions not specified Cisco UCS Director Express for Big Data versions affected versions not specified...

10 CVSS · 8.2 AI score · 0.75863 EPSS
Exploits 14 · References 11
exploitpack
added 2019/08/21 12:0 a.m. · 70 views

Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities

Cisco UCS Director Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities Multiple critical vulnerabilities in Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data...

10 CVSS · 0.4 AI score · 0.83386 EPSS
Exploits 20
OSV
added 2019/08/20 10:15 p.m. · 2 views

CVE-2019-5035

An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacke...

9 CVSS · 7.3 AI score
Exploits 0 · References 1
CVE
added 2019/08/20 6:25 p.m. · 41 views

CVE-2019-4485

The CVE-2019-4485 issue affects IBM Emptoris Sourcing <10.1.4, IBM Contract Management <10.1.4, and IBM Emptoris Spend Analysis

4.3 CVSS · 4.3 AI score · 0.00994 EPSS
Exploits 0 · References 2 · Affected Software 3
OSV
added 2019/08/14 9:15 p.m. · 3 views

CVE-2019-1199

A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrativ...

7.8 CVSS · 7.7 AI score · 0.04646 EPSS
Exploits 0 · References 1
OSV
added 2019/08/14 9:15 p.m. · 3 views

CVE-2019-1193

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

6.4 CVSS · 7.9 AI score · 0.03053 EPSS
Exploits 0 · References 1
OSV
added 2019/08/13 9:15 p.m. · 1 views

DEBIAN-CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends ti...

7.5 CVSS · 8 AI score · 0.24822 EPSS
Exploits 0 · References 1
RedhatCVE
added 2019/08/13 11:51 a.m. · 26 views

CVE-2019-1010180

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet...

7.8 CVSS · 5.8 AI score · 0.02628 EPSS
Exploits 1 · References 3
Positive Technologies
added 2019/08/13 12:0 a.m. · 3 views

PT-2019-2977 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in handling specially crafted embedded fonts in the Windows font library. Exploitation of this issue could allow a remote attacker to execute arbitrary code a...

9.3 CVSS · 8.5 AI score · 0.15493 EPSS
Exploits 0 · References 7
Positive Technologies
added 2019/08/13 12:0 a.m. · 4 views

PT-2019-2923 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: A remote code execution issue exists in Microsoft Windows, related to the processing of .LNK files. If a malicious .LNK file is processed, an attacker could execute arbitrary code...

9.3 CVSS · 8.5 AI score · 0.03766 EPSS
Exploits 0 · References 6
BDU FSTEC
added 2019/08/08 12:0 a.m. · 5 views

The vulnerability of the crop_page() function in the PoDoFo software library, which allows a hacker to trigger a service failure.

The vulnerability in the crop_page() function of the PoDoFo software library is related to a null pointer dereference. Exploiting this vulnerability could allow an attacker to cause a service failure using a specially crafted file...

10 CVSS · 5.5 AI score · 0.01638 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2019/07/26 4:10 p.m. · 18 views

GHSA-HH56-X62G-GVHC Cross-site scripting in CLEditor

Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting XSS. The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a lin...

6.1 CVSS · 6.1 AI score · 0.00826 EPSS
Exploits 1 · References 2
Github Security Blog
added 2019/07/26 4:10 p.m. · 29 views

Cross-site scripting in CLEditor

Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting XSS. The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a lin...

6.1 CVSS · 1 AI score · 0.00826 EPSS
Exploits 1 · References 3 · Affected Software 1
Prion
added 2019/07/26 12:15 a.m. · 21 views

Cross site scripting

Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are...

3.5 CVSS · 5.3 AI score · 0.00654 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2019/07/25 7:15 p.m. · 14 views

CVE-2019-1010127

VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact eg. code execution or information disclosure. The component is: The header::addFILTERdescriptor method in header.cpp. The attack vector is: The victim must open a...

7.8 CVSS · 7.2 AI score
Exploits 0 · References 2