7643 matches found
CVE-2019-6202
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges...
CVE-2019-6205
CVE-2019-6205 is a local kernel memory corruption issue in Apple platforms where memory shared between processes could be unexpectedly modified due to insufficient lock state checking in the kernel vm_map handling. Affected products include iOS, macOS, and tvOS. Impact stated as memory corruption...
CVE-2019-6205
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes...
CVE-2019-6221
CVE-2019-6221 affects Apple Core Media (and is referenced in iTunes 12.9.3 for Windows) as an out-of-bounds read vulnerability that could allow a malicious app to elevate privileges. Apple advisories indicate fixes in iOS 12.1.3, macOS Mojave 10.14.3, and iTunes 12.9.3 for Windows through improve...
CVE-2019-6231
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory...
Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-18710 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by improper bounds checking in...
Vulnerability of the .NET Framework software platform, related to errors in the mechanism for checking the source file metadata, allows a perpetrator to execute arbitrary code with privileges of the current user.
The vulnerability of the .NET Framework software platform is related to errors in the mechanism for checking the source code of files. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code with privileges of the current user, using a specially craft...
Buffer Overflow Vulnerability in iSmartViewPro Software
iSmartViewPro is a network surveillance software to monitor your home or store in real time. Users can add, edit or delete devices, watch videos in real time, control the PTZ by sliding or pressing buttons, set video parameters, capture pictures, playback videos, set alarms, etc. It can be used t...
AIX 7.2 TL 2 : tcpdump (IJ12982)
https://vulners.com/cve/CVE-2018-19519 https://vulners.com/cve/CVE-2018-19519 Tcpdump is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the printprefix function of print-hncp.c. By using a specially-crafted packet data, a remote attacker could overflow a buffer...
AIX 7.2 TL 3 : tcpdump (IJ12983)
https://vulners.com/cve/CVE-2018-19519 https://vulners.com/cve/CVE-2018-19519 Tcpdump is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the printprefix function of print-hncp.c. By using a specially-crafted packet data, a remote attacker could overflow a buffer...
Kanboard 1.2.7 Code Execution / Cross Site Request Forgery Vulnerabilities
Kanboard version 1.2.7 contains multiple vulnerabilities. The vulnerabilities include CSV account import cross site request forgery which allows an unauthenticated attacker to create a new administrative user. Cross site request forgery 2FA deactivation, allowing an unauthenticated attacker to...
CVE-2019-5766
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2019-5766
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
DEBIAN-CVE-2019-5766
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2019-5766
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2019-5766
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2019-0105
Insufficient file permissions checking in install routine for IntelR Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access...
The vulnerability of the sec_merge_hash_lookup function in the GNU Binutils development tool, related to incorrect checking of memory access boundaries, allows a hacker to trigger a service failure.
The vulnerability of the secmergehashlookup function in the GNU Binutils development tooling is related to improper checking of memory access boundaries, which can lead to reading beyond the buffer’s bounds, especially when the size of a segment is not a multiple of the size of a single record...
EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-1022)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: Incorrect 'restoration of privilege' checking when running out of stack during exception handling CVE-2018-16802 - ghostscript...
Denial Of Service (DoS)
libspice.so is vulnerable to denial of service. The vulnerability is possible because the function memslotgetvirt lacks the proper boundary checking for slotid array in memslot.c, which is calculated using a QXLPHYSICAL address set by the guest QXL driver, thereby allowing an attacker to input...