Google Android Information Disclosure Vulnerability (CNVD-2019-34398)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). Google Android 10 has an information leakage vulnerability. The vulnerability stems from the existence of libxaac in Android lack of boundary checking caused by the...
About the security content of tvOS 11.4 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
CVE-2019-13120
Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT Thing, which...
[SECURITY] Fedora 31 Update: exim-4.92.3-1.fc31
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
About the security content of iTunes 12.10.1 for Windows
About the security content of iTunes 12.10.1 for Windows This document describes the security content of iTunes 12.10.1 for Windows. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
Wireshark Security Updates (wnpa-sec-2019-21) - Windows
Wireshark is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:wireshark:wireshark"...
The vulnerability of the virtualization manager in Cisco IOS XE, allowing an attacker to execute arbitrary commands in the Linux kernel with root privileges.
The vulnerability of the virtualization manager in Cisco IOS XE operating systems relates to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands on the Linux base operating system with root privileges...
The vulnerability in the Web UI of the Cisco IOS XE operating system, which allows a hacker to elevate their privileges to the root level
The vulnerability of the Cisco IOS XE operating system’s Web UI is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the root level remotely...
[SECURITY] Fedora 30 Update: exim-4.92.3-1.fc30
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
Google Android Denial of Service Vulnerability (CNVD-2019-34133)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). A denial of service vulnerability exists in Google Android. The vulnerability stems from a controlled termination due to a lack of boundary checking in the Bluetoot...
Theme Editor < 2.2 - Multiple Vulnerabilities
Versions 2.1 and lower of the "theme-editor" plugin are affected by multiple vulnerabilities such as CSRF, insufficient permission checking, arbitrary file upload and the ability to interact with folders/files on the server in most ways you can imagine. These vulnerabilities aside from CSRF requi...
WordPress Theme Editor plugin <= 2.1 - Multiple vulnerabilities
Multiple vulnerabilities (CSRF, insufficient permission checking, arbitrary file upload) found by WebARX in WordPress Theme Editor plugin versions <= 2.1. Solution: Update the WordPress Theme Editor plugin to the latest available version (at least 2.2)...
Unbreakable Enterprise kernel security update
4.14.35-1902.5.2.2 - KVM: coalescedmmio: add bounds checking Matt Delco Orabug: 30318013 CVE-2019-14821 CVE-2019-14821...
Unbreakable Enterprise kernel security update
4.1.12-124.31.1.1 - KVM: coalescedmmio: add bounds checking Matt Delco Orabug: 30318042 CVE-2019-14821 CVE-2019-14821...
openSUSE Security Update : rdesktop (openSUSE-2019-2135)
This update for rdesktop fixes the following issues : rdesktop was updated to 1.8.6 : - Fix protocol code handling new licenses rdesktop was updated to 1.8.5 : - Add bounds checking to protocol handling in order to fix many security problems when communicating with a malicious server. rdesktop wa...
Security update for rdesktop (important)
openSUSE Security Update: Security update for rdesktop Announcement ID: openSUSE-SU-2019:2135-1 Rating: important References: 1121448 Cross-References: CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182...
poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class in FileSpec.cc in pdfdetach...
Flexense DiskBoss Enterprise Buffer Overflow (CVE-2018-5262)
A stack buffer overflow vulnerability exists in the web server of DiskBoss Enterprise. The vulnerability is due to the way DiskBoss Enterprise handles bounds checking. A remote, authenticated attack can lead to a stack buffer overflow...
Buffer Overflow
libexiv2.so is vulnerable to buffer overflow. The vulnerability exists due to lack of careful bounds checking in Exiv2::MrwImage::readMetadata in mrwimage.cpp, leading to an out-of-bounds read...
EVABS - Extremely Vulnerable Android Labs
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners. The effort is to introduce beginners with very limited or zero knowledge to some of the major and commonly found real-world based Android application...