1915 matches found

CNVD
added 2019/11/05 12:0 a.m. | 2 views

Google Android Library Buffer Overflow Vulnerability

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. A buffer overflow vulnerability exists in Google Android Library. An attacker can exploit the vulnerability to execute code...

CVSS 9.3 | AI score 7.5 | EPSS 0.01465
Exploits 0 | References 1

CNVD
added 2019/11/04 12:0 a.m. | 1 views

F5 BIG-IP AFM SQL Injection Vulnerability

F5 BIG-IP AFM is an advanced firewall product for protection against DDoS attacks. F5 BIG-IP AFM suffers from a SQL injection vulnerability, which can be exploited by remote attackers to submit a special SQL request to manipulate a database, obtain sensitive information or execute arbitrary code...

CVSS 4.3 | AI score 8.2 | EPSS 0.00249
Exploits 0 | References 1

Tenable Nessus
added 2019/10/31 12:0 a.m. | 14 views

Ubuntu 16.04 LTS / 18.04 LTS : Whoopsie regression (USN-4170-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4170-2 advisory. USN-4170-1 fixed a vulnerability in Whoopsie. The update caused Whoopsie to crash when sending reports. This update fixes the problem. We apologize fo...

AI score 5.6
Exploits 0 | References 1

Tenable Nessus
added 2019/10/30 12:0 a.m. | 29 views

Ubuntu 16.04 LTS / 18.04 LTS : Whoopsie vulnerability (USN-4170-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4170-1 advisory. Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of...

CVSS 7.8 | AI score 7.6 | EPSS 0.00118
Exploits 0 | References 2

Zero Day Initiative
added 2019/10/30 12:0 a.m. | 11 views

(0Day) Jenkins SOASTA CloudTest Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins SOASTA CloudTest. Authentication is required to exploit this vulnerability. The specific flaw exists within the SOASTA CloudTest plugin. The issue results from storing credentials in...

CVSS 3.3 | AI score 1.6
Exploits 0

Zero Day Initiative
added 2019/10/23 12:0 a.m. | 22 views

Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within t...

CVSS 6.5 | AI score 2.9 | EPSS 0.00116
Exploits 0 | References 1

CNVD
added 2019/10/22 12:0 a.m. | 1 views

FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-37373)

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A cross-site scripting vulnerability exists in FusionPBX. An attacker can exploit this...

CVSS 6.1 | AI score 6.4 | EPSS 0.00328
Exploits 0 | References 1

CNVD
added 2019/10/17 12:0 a.m. | 1 views

WordPress Pont theme elevation of privilege vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Pont theme is a multi-purpose website theme plugin used in it. An elevation of privilege vulnerability exists in WordPress Pont theme. ...

CVSS 8.8 | AI score 7.2 | EPSS 0.00573
Exploits 2 | References 1

Prion
added 2019/10/16 7:15 p.m. | 8 views

Input validation

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the...

CVSS 7.2 | AI score 6.8 | EPSS 0.001
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2019/10/16 6:36 p.m. | 6 views

CVE-2019-15277 Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the...

CVSS 6.4 | AI score 7.3 | EPSS 0.001
Exploits 0 | References 1

NVD
added 2019/10/15 3:15 p.m. | 8 views

CVE-2019-10759

safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...

CVSS 9.9 | AI score 9.8 | EPSS 0.00967
Exploits 1 | References 1

OSV
added 2019/10/08 1:15 p.m. | 0 views

CVE-2019-17107

minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the commandhostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect...

CVSS 8.8 | AI score 7.7
Exploits 0 | References 3

Symantec
added 2019/10/08 12:0 a.m. | 102 views

Apple macOS/iCloud for Windows/iTunes CVE-2019-8745 Buffer Overflow Vulnerability

Apple macOS/iCloud for Windows/iTunes are prone to a buffer overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. This issue has been fixed in:...

EPSS 0.01083
Exploits 0 | References 1 | Affected Software 2

Tenable Nessus
added 2019/10/02 12:0 a.m. | 38 views

VMware Horizon View Client 5.x < 5.2.0 Use-After-Free (VMSA-2019-0014)

The version of VMware Horizon View Client installed on the remote host is 5.x prior to 5.2.0. It is, therefore, affected by a use-after-free error in the virtual sound device that allows a local attacker on the guest machine with low privileges to execute code on the host. Note that Nessus has no...

CVSS 8.8 | AI score 8.3 | EPSS 0.00034
Exploits 0 | References 2

Tenable Nessus
added 2019/10/02 12:0 a.m. | 36 views

ESXi 6.0 / 6.5 / 6.7 Use-After-Free (VMSA-2019-0014)

The remote VMware ESXi host is version 6.0, 6.5 or 6.7 and is affected by a use-after-free error in the virtual sound device that allows a local attacker on the guest machine with low privileges to execute code on the host. Note that Nessus has not tested for this issue but has instead relied onl...

CVSS 8.8 | AI score 8.2 | EPSS 0.00034
Exploits 0 | References 2

Zero Day Initiative
added 2019/09/17 12:0 a.m. | 19 views

Jenkins Skytap Cloud CI Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Skytap Cloud CI. Authentication is required to exploit this vulnerability. The specific flaw exists within the Skytap Cloud CI plugin. The issue results from storing credentials in...

CVSS 3.3 | AI score 1.6 | EPSS 0.00167
Exploits 0 | References 1

CNVD
added 2019/09/16 12:0 a.m. | 2 views

Google Chrome Mojo Resource Management Error Vulnerability

Google Chrome is a web browser. A security vulnerability in Google Chrome Mojo allows remote attackers to build malicious web pages that users can be tricked into parsing, which can crash applications or execute arbitrary code...

CVSS 6.5 | AI score 8.9 | EPSS 0.00396
Exploits 0 | References 1

Tenable Nessus
added 2019/09/11 12:0 a.m. | 29 views

NewStart CGSL MAIN 4.06 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0179)

The remote NewStart CGSL host, running version MAIN 4.06, has libssh2 packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remot...

CVSS 9.3 | AI score 7.4 | EPSS 0.16241
Exploits 0 | References 5

Zero Day Initiative
added 2019/09/09 12:0 a.m. | 18 views

Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVSS 7.8 | AI score 4.6 | EPSS 0.02339
Exploits 0 | References 1

Prion
added 2019/09/04 3:15 p.m. | 5 views

Buffer overflow

An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior...

CVSS 6.8 | AI score 7.8 | EPSS 0.00265
Exploits 0 | References 1 | Affected Software 1