Security update for live555 (moderate)

openSUSE Security Update: Security update for live555 Announcement ID: openSUSE-SU-2019:1880-1 Rating: moderate References: 1121995 1124159 1127341 Cross-References: CVE-2019-7314 CVE-2019-9215 Affected Products: openSUSE Backports SLE-15-SP1 An update that solves two vulnerabilities and has one...

openSUSE Security Update : live555 (openSUSE-2019-1797)

This update for live555 fixes the following issues : - CVE-2019-9215: Malformed headers could have lead to invalid memory access in the parseAuthorizationHeader function. boo1127341 - CVE-2019-7314: Mishandled termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up could have lead ...

OPENSUSE-SU-2019:1797-1 Security update for live555

This update for live555 fixes the following issues: - CVE-2019-9215: Malformed headers could have lead to invalid memory access in the parseAuthorizationHeader function. boo1127341 - CVE-2019-7314: Mishandled termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up could have lead t...

Security update for live555 (moderate)

openSUSE Security Update: Security update for live555 Announcement ID: openSUSE-SU-2019:1797-1 Rating: moderate References: 1121995 1124159 1127341 Cross-References: CVE-2019-7314 CVE-2019-9215 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15 An update that solve...

The vulnerability of the PrintControl information protection software “Blockhost – Network K” lies in the lack of checks for the integrity of uploaded libraries, allowing a perpetrator to execute arbitrary code.

The vulnerability of the PrintControl information protection software “Blockhost – Network K” lies in the lack of checks for the integrity of the libraries being loaded. Exploiting this vulnerability allows a malicious actor, operating locally, to execute arbitrary code with privileges of...

PT-2019-2135 · Cisco · Cisco Directory Connector

Name of the Vulnerable Software and Affected Versions: Cisco Directory Connector affected versions not specified Description: The issue is related to uncontrolled search path elements in the search path processing of Cisco Directory Connector. This could allow an authenticated, local attacker to...

CVE-2019-0809

A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library DLL files, aka 'Visual Studio Remote Code Execution Vulnerability'...

The vulnerability of the enterprise resource management system Galaktika ERP lies in the lack of access control for the GalSrv directory, allowing an intruder to execute arbitrary codes.

The vulnerability of the Galaktika ERP resource management system is related to deficiencies in access control for the GalSrv directory, which is used in a two-tier system architecture. Exploiting this vulnerability allows an attacker with privileges as USERS to execute arbitrary code by placing...

The installer of Baidu Browser may insecurely load Dynamic Link Libraries

Overview Baidu Browser provided by Baidu, Inc. is a Web browser. The installer of Baidu Browser contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Asuka Nakajima of NTT Secure Platform Laboratories reported this vulnerability to IPA...

Susie plug-in "axpdfium" may insecurely load Dynamic Link Libraries

Overview Susie plug-in "axpdfium" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running the program where "axpdfium" is used. Solution Update the plug-in Update...

The installer of PhishWall Client Internet Explorer edition may insecurely load Dynamic Link Libraries

Overview PhishWall Client Internet Explorer edition provided by SecureBrain Corporation is anti-phishing and anti-MITB software. The installer of PhishWall Client Internet Explorer edition contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries...

CVE-2018-6766

Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that coul...

Install program and Installer of i-filter 6.0 may insecurely load Dynamic Link Libraries and invoke executable files

Overview i-filter 6.0 provided by Digital Arts Inc. is web filtering and parental control software. The install program is designed to download the installer via the internet and execute it. The i-filter 6.0 install program and installer contain the following vulnerabilities. Eili Masami of...

Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries

Overview Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries

Overview The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. DigiGnome and BlackWingCat of...

Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries

Overview Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability ...

Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries

Overview PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab...

Installer of LhaForge may insecurely load Dynamic Link Libraries

Overview LhaForge is a file compression/decompression software. The installer of LhaForge contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries

Overview Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated...

Installer of Charamin OMP may insecurely load Dynamic Link Libraries

Overview The installer of Charamin OMP provided by Charamin steering committee contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...