CVE-2018-10388

CVE-2018-10388 affects TFTP Server SP (versions 1.66 and earlier). The vulnerability is a format string issue in the logMess function, enabling remote attackers to cause denial of service or execute arbitrary code via format string sequences in a TFTP error packet. The available connected sources...

USN-4214-2: RabbitMQ vulnerability

USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary cod...

CVE-2019-13725

Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

EulerOS 2.0 SP5 : gc (EulerOS-SA-2019-2526)

According to the version of the gc package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service heap buffer overflow crash and...

EulerOS 2.0 SP2 : python-crypto (EulerOS-SA-2019-2511)

According to the version of the python-crypto package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Heap-based buffer overflow in the ALGnew function in blocktemplace.c in Python Cryptography Toolkit aka pycrypto allows remote attackers to...

CVE-2019-15284

Consolidated details confirm CVE-2019-15284 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The root cause is insufficient validation of certain elements within ARF/WRF Webex recordings, enabling an attacker to execute arbitrary code on a targeted syst...

CVE-2014-6310

Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function...

CVE-2019-16110

The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream...

IBM Bigfix Platform Arbitrary File Upload (CVE-2019-4013)

An Arbitrary File Upload vulnerability exists in IBM Bigfix Platform. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

EulerOS 2.0 SP5 : ntp (EulerOS-SA-2019-2215)

According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by...

Updated freetds packages fix security vulnerability

Updated freetds packages fix security vulnerability: Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly execute arbitrary code...

Apple iTunes Security Updates (HT210726)

Apple iTunes is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:itunes"; ifdescription...

CVE-2017-5333

Integer overflow in the extractgroupiconcursorresource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service process crash or execute arbitrary code via a crafted executable file...

CVE-2017-5332

The extractgroupiconcursorresource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service process crash and execute arbitrary code via a crafted executable...

CVE-2017-5332

The extractgroupiconcursorresource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service process crash and execute arbitrary code via a crafted executable...

CVE-2017-5333

Integer overflow in the extractgroupiconcursorresource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service process crash or execute arbitrary code via a crafted executable file...

USN-4173-1: FreeTDS vulnerability

Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly execute arbitrary code...

Ubuntu: Security Advisory (USN-4168-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Multiple vulnerabilities in MongoDB server affect IBM Cloud App Management

Summary There are vulnerabilities in MongoDB used by IBM® Cloud App Management. IBM® Cloud App Management has addressed the applicable CVEs in a later version. Vulnerability Details CVEID: CVE-2019-2389 DESCRIPTION: MongoDB Server is vulnerable to a denial of service, caused by a flaw in the SysV...

KLA11589 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. Heap buffer overflow...