520 matches found
CVE-2019-16879
The Synergy Systems & Solutions SSS HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or...
PT-2020-5472 · Sqlite +5
Name of the Vulnerable Software and Affected Versions: SQLite versions through 3.31.1 Description: The issue allows attackers to cause a denial of service, resulting in a segmentation fault, via a malformed window-function query. This is due to the mishandling of the AggInfo object's...
CVE-2019-10794
All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload...
CVE-2019-20162
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a heap-based buffer overflow in the function gf_isom_box_parse_ex in isomedia/box_funcs.c...
CVE-2019-20160
GPAC versions 0.8.0 and 0.9.0-development-20191109 contain a stack-based buffer overflow in av1_parse_tile_group() within media_tools/av_parsers.c. The CVE-2019-20160 entry is corroborated across multiple sources (NVD and Red Hat, etc.). The available documents specify the vulnerable function and...
Integer overflow
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c...
CVE-2019-18251
In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit...
Design/Logic Flaw
In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit...
CVE-2019-19203
An issue was discovered in Oniguruma 6.x before 6.9.4rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read...
Omron CX-Supervisor (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Omron Equipment: CX-Supervisor Vulnerability: Use of Obsolete Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-318-04 Omron CX-Supervisor...
The vulnerability of the Open function in the VideoLAN VLC media player’s modules/demux/tta.c file allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the Open function in the VideoLAN VLC media player’s modules/demux/tta.c file is related to numerical processing errors. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause service failures...
The vulnerability of the compression function in the Zstandard library allows a hacker to execute arbitrary code.
The vulnerability of the compression function in the Zstandard library for data compression is related to synchronization errors when using a shared resource (a race condition). Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2019-13559 · Mpg321 +1
Name of the Vulnerable Software and Affected Versions: mpg321 version 0.3.2 Description: The issue allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file, specifically through the scan function in mad.c. Recommendations: For mpg321 version 0.3.2, consider...
The vulnerability of the __strlen_sse2_pminub function in the infotocap utility from the ncurses-bin package allows a hacker to cause a service failure.
The vulnerability of the `__strlen_sse2_pminub` function located in the file sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:39 in the infotocap utility from the ncurses-bin package is related to errors in pointer arithmetic. Exploiting this vulnerability could allow an attacker to cause a system failure...
Mongoose Buffer Overflow Vulnerability
Cesanta Mongoose is a set of embedded server libraries from the Irish company Cesanta, which includes features such as TCP, HTTP client and server, WebSocket client and server. A buffer overflow vulnerability exists in the 'parse_mqtt' function of the mg_mqtt.c file in Cesanta Mongoose versions pri...
The vulnerability of the FindMe function in the firmware of Cisco TelePresence Video Communication Server and the Cisco Expressway software allows a perpetrator to perform arbitrary actions within the vulnerable system.
The vulnerability of the FindMe function in the firmware of Cisco TelePresence Video Communication Server and the Cisco Expressway software is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions o...
Xpdf PE Vulnerability (CNVD-2019-22436)
Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. A PE vulnerability exists in the PostScriptFunction::exec function in Function.cc in Xpdf 4.01.01 in the psOpIdiv scenario. No vulnerability details are provided at this time...
SQL injection vulnerability in Joomla! Boo*** component rev*** function
Joomla! is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla! Boo*** component rev*** function. The vulnerability allows attackers to obtain sensitive information about the database...
The vulnerability of the Parus-Budget enterprise automation system allows a perpetrator to execute arbitrary code.
The vulnerability of the TComboboxStrings.Get function in the Parus-Budget enterprise automation system is related to the lack of checks on the data entered by users. Exploiting this vulnerability can allow an attacker to cause a stack overflow and execute arbitrary code...
The vulnerability of the `ldap_get_dn` function in the PHP interpreter, related to a pointer dereferencing error, allows attackers to trigger a denial-of-service attack.
The vulnerability of the `ldap_get_dn` function in ext/ldap/ldap.c in the PHP interpreter is related to incorrect handling of the returned value when processing specially crafted LDAP server responses. Exploiting this vulnerability could allow a remote attacker to cause service failures...