
2841 matches found

Talos
added 2020/01/07 12:0 a.m., 114 views

E2fsprogs e2fsck rehash.c mutate_name() Code Execution Vulnerability

Summary: A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. Test...

7.5 CVSS, 7.4 AI score, 0.00172 EPSS
Exploits: 1

OSV
added 2020/01/05 3:37 p.m., 3 views

MGASA-2020-0006 Updated shadowsocks-libev packages fix security vulnerabilities

Updated shadowsocks-libev packages fix security vulnerabilities: Exploitable denial-of-service vulnerability exists in the UDPRelay functionality CVE-2019-5163. Code execution vulnerability in the ss-manager binary CVE-2019-5164...

7.8 CVSS, 7.5 AI score, 0.00486 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2019/12/19 12:0 a.m., 35 views

EulerOS 2.0 SP3 : freerdp (EulerOS-SA-2019-2580)

According to the versions of the freerdp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted serve...

8.8 CVSS, 7.4 AI score, 0.31631 EPSS
Exploits: 7, References: 9

OSV
added 2019/12/13 6:25 p.m., 5 views

MGASA-2019-0378 Updated kdelibs4 packages fix security vulnerability

kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction CVE-2019-14744...

7.8 CVSS, 7.5 AI score, 0.01735 EPSS
Exploits: 1, References: 4

OSV
added 2019/12/11 9:13 a.m., 6 views

OPENSUSE-SU-2019:2667-1 Security update for shadowsocks-libev

This update for shadowsocks-libev fixes the following issues: - Update version to 3.3.3 Refine the handling of suspicious connections. Fix exploitable denial-of-service vulnerability exists in the UDPRelay functionality (boo#1158251, CVE-2019-5163) Fix code execution vulnerability in the ss-manager...

7.8 CVSS, 7.7 AI score, 0.00486 EPSS
Exploits: 2, References: 5

OpenVAS
added 2019/12/09 12:0 a.m., 36 views

Debian: Security Advisory (DLA-2025-1)

The remote host is missing an update for the Debian...

9.8 CVSS, 9.9 AI score, 0.92128 EPSS
Exploits: 1, References: 5

CNVD
added 2019/12/09 12:0 a.m., 0 views

Code Execution Vulnerability in Ocean Cms v10 Version

SeaCMS is a station building system based on PHP+MYSQL architecture and supports cross-platform operation. SeaCMS v10 version of the existence of code execution vulnerabilities, attackers can exploit the vulnerability to execute arbitrary code to obtain server privileges...

8.2 AI score
Exploits: 0

The Hacker News
added 2019/12/04 12:48 p.m., 2 views

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution...

9.8 CVSS, 7.5 AI score, 0.79583 EPSS
Exploits: 3

CNVD
added 2019/12/04 12:0 a.m., 1 views

74cms v4.2.111 code execution vulnerability in background Tp***.php

Knight Talent System 74cms is a PHP + MYSQL based on the core development of a set of free + open source professional recruitment system. 74cms v4.2.111 Tp.php code execution vulnerability in the background, an attacker can use the vulnerability to remotely execute code to obtain server privilege...

7.8 AI score
Exploits: 0

UbuntuCve
added 2019/11/26 3:15 p.m., 22 views

CVE-2019-19275

typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...

7.5 CVSS, 7.1 AI score, 0.0136 EPSS
Exploits: 0, References: 6

OSV
added 2019/11/24 5:14 a.m., 4 views

OPENSUSE-SU-2019:2558-1 Security update for apache2-mod_perl

This update for apache2-mod_perl to version 2.0.11 fixes the following issues: Security issue fixed: - CVE-2011-2767: Fixed a vulnerability which could have allowed perl code execution in the context of user account (bsc#1156944). Other issue addressed: - Restore process name after sv_setpv_mg call...

10 CVSS, 9.6 AI score, 0.03454 EPSS
Exploits: 0, References: 4

CNVD
added 2019/11/22 12:0 a.m., 1 views

Sensio Labs Symfony Code Execution Vulnerability

Sensio Labs Symfony is a free French Sensio Labs, based on the MVC architecture of the PHP development framework. The framework provides commonly used functional components and tools, can be used to quickly create complex WEB program. A code execution vulnerability exists in Sensio Labs Symfo...

9.8 CVSS, 8.1 AI score, 0.04687 EPSS
Exploits: 0, References: 1

CNVD
added 2019/11/18 12:0 a.m., 1 views

FasterXML jackson-databind input validation error vulnerability (CNVD-2019-41720)

FasterXML Jackson is a U.S. FasterXML company for Java data processing tools. jackson-databind is one of the components with data binding capabilities. An input validation error vulnerability exists in FasterXML jackson-databind. An attack could exploit this vulnerability to execute malicious...

9.8 CVSS, 8.4 AI score, 0.00415 EPSS
Exploits: 0, References: 1

CNVD
added 2019/11/15 12:0 a.m., 1 views

Code Execution Vulnerability in Online Titanium Article Management System (OTCMS)

Nettitanium technology is committed to article management system, article news CMS, webmaster tools class of research and development, Nettitanium article management system station adopts mainstream DIV + CSS framework layout, applicable to the news release type of website, but also applies to...

7.9 AI score
Exploits: 0

Microsoft Security Update
added 2019/11/12 6:0 p.m., 17 views

Security Update for Microsoft Office 2016 (KB4484113) 64-Bit Edition

A security vulnerability exists in Microsoft Office 2016 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

7.2 AI score
Exploits: 0

Tenable Nessus
added 2019/11/12 12:0 a.m., 26 views

EulerOS 2.0 SP5 : e2fsprogs (EulerOS-SA-2019-2140)

According to the version of the e2fsprogs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The e2fsprogs package contains a number of utilities for creating, checking, modifying, and correcting any inconsistencies in second, third and...

7.5 CVSS, 7.4 AI score, 0.00378 EPSS
Exploits: 1, References: 2

OSV
added 2019/11/05 3:32 p.m., 23 views

OPENSUSE-SU-2019:2441-1 Security update for php7

This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). This update was imported from the SUSE:SLE-15:Update update project...

9.8 CVSS, 10 AI score, 0.94053 EPSS
Exploits: 54, References: 3

ALT Linux
added 2019/10/31 12:0 a.m., 31 views

Security fix for the ALT Linux 8 package sudo version 1:1.8.28-alt1

1:1.8.28-alt1 built Oct. 31, 2019 Ivan Zakharyaschev in task 240030 Oct. 15, 2019 Evgeny Sinelnikov - Update to autumn security release closes: 37334 - Code execution with euid==0 in rare box configurations fixes: CVE-2019-14287 - Fix post script for sudowheel control in case of upgrade in not...

9 CVSS, 9.2 AI score, 0.85814 EPSS
Exploits: 10

OSV
added 2019/10/29 7:15 p.m., 9 views

CVE-2019-15678

TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity...

9.8 CVSS, 9.7 AI score
Exploits: 0, References: 4

Tenable Nessus
added 2019/10/25 12:0 a.m., 34 views

Security Updates for Microsoft Office Online Server Apps (May 2019)

The Microsoft Office Online Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who...

9.3 CVSS, 8.2 AI score, 0.24224 EPSS
Exploits: 0, References: 2