CVE-2019-3817

A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code...

CVE-2019-3856

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ghostscript vulnerabilities (USN-3915-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3915-1 advisory. It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into...

CVE-2019-3855

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

Integer overflow

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

IBM DB2 Buffer Overflow Vulnerability (CNVD-2019-07254)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A buffer overflow vulnerability exists in IBM DB2 including: DB2 Connect Server based on Linux, UNIX a...

CVE-2019-4016

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894...

CVE-2018-8790

CVE-2018-8790 affects Check Point ZoneAlarm 15.3.064.17729 and earlier, where a WCF service is exposed that enables a local, low-privileged user to execute arbitrary code with SYSTEM privileges. The description in the CVE confirms the vulnerability vector and impact as SYSTEM remote code executio...

SUSE Supportutils Command Injection Vulnerability

SUSE Supportutils is a collection of utility programs used in SUSE Linux systems from SUSE Germany. The product has the ability to collect system troubleshooting information, read and interpret the basic-health-check.txt file, and perform a brief analysis of the kernel core files. A command...

Buffer Overflow Vulnerability in Multiple Qualcomm Products

The Qualcomm MDM9206 and others are a central processing unit CPU product of Qualcomm Incorporated. A buffer overflow vulnerability exists in multiple Qualcomm products, which arises from a program's failure to validate input of data from user space and can be exploited by an attacker to execute...

CVE-2018-20063

An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form available in the description editor, allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a sa...

Microsoft Windows gdiplus bHandleExtCreateFont Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

IBM Security Identity Manager Code Injection Vulnerability

IBM Security Identity Manager is a suite of identity management and governance solutions from IBM in the United States. A code injection vulnerability exists in IBM Security Identity Manager, which allows remote attackers to exploit the vulnerability by submitting a special request that can be us...

Design/Logic Flaw

An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor Versions 3.42 and prior through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ghostscript vulnerability (USN-3866-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3866-1 advisory. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into...

CVE-2018-19017

Several use after free vulnerabilities have been identified in CX-Supervisor Versions 3.42 and prior. When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the...

Arbitrary Code Execution

samba is vulnerable to arbitrary code execution. A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code...

USN-3857-1: PEAR vulnerability

Fariskhi Vidyan discovered that PEAR ArchiveTar incorrectly handled certain archive paths. A remote attacker could possibly use this issue to execute arbitrary code...

Design/Logic Flaw

PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. AdminVictim views user in admin-panel and gets...

The vulnerability of the Sandbox Protection Mechanism component of the software for processing, transforming, and generating Ghostscript documents allows a perpetrator to bypass the sandbox protection mechanism and execute arbitrary code.

The vulnerability of the Sandbox Protection Mechanism, a component of the software for processing, transforming, and generating Ghostscript documents, is related to insufficient access control. Exploiting this vulnerability could allow an intruder, operating locally, to bypass the sandbox...