1706 matches found

Prion
added 2019/07/05 8:15 p.m. | 11 views

Design/Logic Flaw

posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 as distributed with alsa-plugins 1.1.7 and later has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which...

CVSS 6.8 | AI score 8 | EPSS 0.00468
Exploits: 1 | References: 2 | Affected Software: 2

OSV
added 2019/07/05 8:15 p.m. | 1 view

UBUNTU-CVE-2019-13351

posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 as distributed with alsa-plugins 1.1.7 and later has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which...

CVSS 8.1 | AI score 7.2 | EPSS 0.00468
Exploits: 1 | References: 4

CVE
added 2019/07/05 7:20 p.m. | 344 views

CVE-2019-13351

CVE-2019-13351 affects JACK2 (libjack) shipped with JACK2 1.9.1–1.9.12 (as distributed with alsa-plugins 1.1.7+). The issue is a double file descriptor close in posix/JackSocket.cpp during a failed connection when jackd2 is not running. Exploitation depends on multithreaded timing of the double c...

CVSS 8.1 | AI score 8 | EPSS 0.00468
Exploits: 1 | References: 2 | Affected Software: 1

CNVD
added 2019/07/05 12:0 a.m. | 2 views

Xpdf Memory Misreference Vulnerability

Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. A memory misreference vulnerability exists in the JBIG2Stream::close function in JBIG2Stream.cc in Xpdf 4.01.01. An attacker can exploit this vulnerability by sending a carefully crafte...

CVSS 7.8 | AI score 6.8 | EPSS 0.00288
Exploits: 1 | References: 1

OSV
added 2019/07/04 10:15 p.m. | 1 view

CVE-2019-13289

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool...

CVSS 7.8 | AI score 7.1 | EPSS 0.00288
Exploits: 1 | References: 1

UbuntuCve
added 2019/07/04 10:15 p.m. | 20 views

CVE-2019-13289

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool...

CVSS 7.8 | AI score 7.1 | EPSS 0.00288
Exploits: 1 | References: 2

Prion
added 2019/07/04 10:15 p.m. | 14 views

Design/Logic Flaw

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool...

CVSS 6.8 | AI score 7.5 | EPSS 0.00288
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2019/07/04 10:15 p.m. | 1 view

UBUNTU-CVE-2019-13289

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool...

CVSS 7.8 | AI score 7.1 | EPSS 0.00288
Exploits: 1 | References: 3

CVE
added 2019/07/04 9:7 p.m. | 127 views

CVE-2019-13289

CVE-2019-13289 affects Xpdf 4.01.01, with a use-after-free vulnerability in JBIG2Stream::close() (JBIG2Stream.cc). Exploitation is demonstrated by crafting a PDF that can be processed by pdftoppm to trigger the flaw. Connected sources consistently describe the vulnerability as a memory misreferen...

CVSS 7.8 | AI score 7.5 | EPSS 0.00288
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/07/04 9:7 p.m. | 17 views

CVE-2019-13289

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool...

AI score 7.6 | EPSS 0.00288
Exploits: 1 | References: 1

Veracode
added 2019/05/02 4:41 a.m. | 28 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service. A local user is able to crash the system via vectors involving munmap and close system call due to multiple race conditions in the function madvise_remove in mm/madvise.c...

CVSS 6.2 | AI score 7 | EPSS 0.0009
Exploits: 2 | References: 25 | Affected Software: 1

OSV
added 2019/03/27 6:29 a.m. | 0 views

UBUNTU-CVE-2019-10125

An issue was discovered in aio_poll in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake if an expected event is triggered immediately e.g., by the close of a pair of pipes after the return of vfs_poll, and this will cause a use-after-free...

CVSS 9.8 | AI score 6.7 | EPSS 0.03427
Exploits: 1 | References: 3

Prion
added 2019/03/25 10:29 p.m. | 22 views

Design/Logic Flaw

A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button...

CVSS 7.5 | AI score 9.5 | EPSS 0.00418
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2019/03/25 10:29 p.m. | 10 views

CVE-2017-7342

A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button...

CVSS 9.8 | AI score 9.6 | EPSS 0.00418
Exploits: 0 | References: 1

Cvelist
added 2019/03/19 7:47 p.m. | 8 views

CVE-2018-17493

eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other...

CVSS 8.4 | AI score 8.3 | EPSS 0.00046
Exploits: 0 | References: 1

OSV
added 2019/02/17 6:29 a.m. | 1 view

UBUNTU-CVE-2019-8397

An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c...

CVSS 6.5 | AI score 6.6 | EPSS 0.00284
Exploits: 1 | References: 3

Tenable Nessus
added 2019/01/14 12:0 a.m. | 282 views

Amazon Linux AMI : kernel (ALAS-2019-1145)

The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (CVE-2018-20169). A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition betwe...

CVSS 7.2 | AI score 6.2 | EPSS 0.00098
Exploits: 0 | References: 3

CNVD
added 2019/01/14 12:0 a.m. | 1 view

Denial of Service Vulnerability in Configuration King 7.5sp2

KingView is an industrial automation configuration software produced by Beijing Asian Control Technology Development Co. A denial of service vulnerability exists in KingView 7.5sp2. The vulnerability stems from the use of wcslen to read the length of a string when closing a file and failing to...

AI score 6.7
Exploits: 0

Information Security Automation
added 2019/01/10 9:49 p.m. | 160 views

Managing JIRA Scrum Sprints using API

Atlassian Jira is a great tool for organizing Agile processes, especially Scrum. But managing Scrum Sprints manually using the Jira web GUI may be time-consuming and annoying. So, I decided to automate some routine operations using JIRA API and Python. The API calls are described on the official page ...

AI score 0.4
Exploits: 0

Tenable Nessus
added 2019/01/03 12:0 a.m. | 37 views

Fedora 28 : curl (2018-fdc4ca8675)

SASL password overflow via integer overflow CVE-2018-16839 - fix use-after-free in handle close CVE-2018-16840 - fix bad arithmetic when outputting warnings to stderr CVE-2018-16842 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...

CVSS 9.8 | AI score 6.9 | EPSS 0.00346
Exploits: 0 | References: 4