CVE-2019-4322

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202...

Security Bulletin: A vulnerability in Apache Solr affects IBM InfoSphere Information Server

Summary A vulnerability in Apache Solr was addressed by IBM InfoSphere Information Server. Vulnerability Details CVE-ID: CVE-2019-0192 Description: Apache Solr could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization of untrusted data flaw in...

Google Chrome Security Updates (stable-channel-update-for-desktop_13-2019-06) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

The vulnerability of the Jet Database Engine database management system in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Jet Database Engine database management system for Windows operating systems relates to operations that go beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

Microsoft Windows Common Log File System CVE-2019-0959 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1803 for 32-bit Systems Microsoft Windows 10 Version 1803 for ARM64-based...

USN-4013-1: libsndfile vulnerabilities

It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2019-6738

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

USN-4002-1: Doxygen vulnerability

It was discovered that Doxygen incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code and compromise sensitive information...

CVE-2019-9875

Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

CVE-2019-9865

When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service crash or possibly execute arbitrary code...

CVE-2019-9865

The CVE-2019-9865 advisory covers Wind River VxWorks 6.9 prior to 6.9.1 where an RPC request can trigger an integer overflow causing an out-of-bounds memory copy. This may allow a remote attacker to cause a denial of service or possibly execute arbitrary code. Connected sources confirm affected p...

Ubuntu: Security Advisory (USN-3997-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3994-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the Elastic Services Controller’s network management mechanism, related to errors in API request validation, allows a perpetrator to bypass authentication procedures and execute arbitrary code.

The vulnerability of the Elastic Services Controller’s network management interface is related to errors in checking API requests. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and execute arbitrary code by sending a specially crafted request to the RE...

USN-3993-2: curl vulnerability

USN-3993-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to...

Adobe Acrobat/Reader Memory Misreference Vulnerability (CNVD-2019-22795)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe.Adobe Acrobat is a PDF editing software developed by Adobe. A memory misreference vulnerability exists in Adobe Acrobat/Reader. An attacker can exploit this vulnerability to execute arbitrary code...

CVE-2018-14839

LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code remote. The attack vector is: HTTP POST with parameters...

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2019-0918)

A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

EulerOS Virtualization 3.0.1.0 : libtiff (EulerOS-SA-2019-1437)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers...

EulerOS Virtualization 3.0.1.0 : squashfs-tools (EulerOS-SA-2019-1459)

According to the versions of the squashfs-tools package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Integer overflow in the queueinit function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attacke...