5987 matches found
PT-2019-4396 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.3.8
Description: The issue is related to a memory leak in the clock source create function under /gpu/drm/amd/display/dc in the Linux kernel. This leak can be exploited by a remote attacker to cause a denial o...
CVE-2019-17056
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176...
UBUNTU-CVE-2019-17052
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768...
UBUNTU-CVE-2019-17054
atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c...
PT-2019-6419 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: The issue is related to errors in memory release in the dcn create resource pool function of the Linux kernel, which can lead to a memory leak. This can be exploited by a remote attack...
CVE-2019-16664
ThinkSAAS 2.91 is affected by CVE-2019-16664: an XSS via the parameter groupname in index.php?app=group&ac=create&ts=do. Root cause described across sources is insufficient sanitization of the groupname input, enabling cross-site scripting. Affected product/version: ThinkSAAS 2.91. The Red Hat ad...
CVE-2019-16293
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field...
CVE-2019-16293
Open-AudIT is affected by CVE-2019-16293 for versions prior to 3.2.0. The issue arises in the Create Discoveries feature, allowing an authenticated attacker to execute arbitrary OS commands by injecting a crafted value into a URL field. The Red Hat advisory confirms the same description. The avai...
Node.js third-party modules: [create-git] RCE via insecure command formatting
The create-git NPM module was vulnerable to command injection, which was possible since some user-supplied inputs were concatenated without proper checks inside an exec call, which made it possible to execute arbitrary commands besides the git one which is used by the tool. The PoC resulted in: js...
PT-2019-6283 · Nlnet +5 · Unbound +5
Name of the Vulnerable Software and Affected Versions: Unbound versions prior to 1.9.5
Description: The issue is related to insufficient neutralization of special elements in a request, which can be exploited by a remote attacker to impact data integrity. This can occur upon a successful...
Cross site request forgery (csrf)
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
CVE-2019-15496
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...
CVE-2019-15496
The CVE-2019-15496 entry concerns MyT Project Management 1.5.1, which reportedly lacks CSRF protection and enables a CSRF attack that could trick an administrator into executing arbitrary code via a crafted HTML page. The connected sources confirm the affected product/version and the underlying i...
Atlassian Jira Cross-Site Request Forgery Vulnerability (CNVD-2019-30064)
Jira is a tool developed by Australian company Atlassian for defect tracking, issue tracking and project management. A cross-site request forgery vulnerability exists in the AddResolution.jspa resource in Jira. A remote attacker could exploit the vulnerability to create new solutions...
Cross site scripting
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known b...
CVE-2019-15316
Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation to NT AUTHORITY\SYSTEM via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition...
CVE-2019-15229
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...