1555 matches found
CVE-2019-11277
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny...
Design/Logic Flaw
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny...
MGASA-2019-0229 Updated wpa_supplicant and hostapd packages fix security vulnerability
A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to lea...
Updated wpa_supplicant and hostapd packages fix security vulnerability
A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to lea...
OPENSUSE-SU-2019:1929-1 Security update for LibreOffice
This update for libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.2.5.2 fate327121 bsc1128845 bsc1123455, bringing lots of bug and stability fixes. Additional bugfixes: - If there is no firebird engine we still need java to run hsqldb bsc1135189 - PPTX: Rectangle...
GHSA-6R97-CJ55-9HRQ SQL Injection in Django
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
European Central Bank Shuts Down 'BIRD Portal' After Getting Hacked
The European Central Bank ECB confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank ECB is the...
CVE-2019-13456
An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks...
DEBIAN-CVE-2015-9290
In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1GetPrivateDict where there is no check that the new values of cur and limit are sensible before going to Again...
Foxit PhantomPDF Denial of Service Vulnerability (CNVD-2019-24201)
PhantomPDF is a multifunctional PDF editor. A denial of service vulnerability exists in Foxit PhantomPDF versions prior to 8.3.11. The vulnerability stems from a duplicate release of the signature dictionary during the CSGSignatureF and CPDFDocument destructuring process. An attacker can exploit...
CVE-2019-14213
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSGSignatureF and CPDFDocument destruction...
CVE-2019-14213
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSGSignatureF and CPDFDocument destruction...
CVE-2019-14208
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary...
CVE-2019-14208
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary...
Null pointer dereference
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary...
CVE-2019-14213
CVE-2019-14213 affects Foxit PhantomPDF before 8.3.11. The issue is a crash caused by repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction. Impact is a crash/DoS vector as described in multiple sources. Remediation: upgrade to version 8.3.11 or later wh...
CVE-2019-14213
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSGSignatureF and CPDFDocument destruction...
CVE-2019-14208
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary...
CVE-2019-14208
CVE-2019-14208 affects Foxit PhantomPDF prior to 8.3.10. The issue is a NULL pointer dereference that can crash the application when extracting a PDF object from a document or when parsing a portfolio containing a null dictionary. This vulnerability is documented across multiple sources (NVD/NVD-...
PT-2019-13537 · Foxit · Foxit Phantompdf
Name of the Vulnerable Software and Affected Versions: Foxit PhantomPDF versions prior to 8.3.11 Description: The issue is related to the repeated release of the signature dictionary during CSG SignatureF and CPDF Document destruction, which could cause the application to crash. Recommendations:...