CVE-2019-5605

Removed by vendor...

Foxit PhantomPDF < 8.3.11 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.11. It is, therefore affected by multiple vulnerabilities: - An uninitialized pointer flaw exists when calling xfa.event.rest XFA JavaScript that can cause the...

UBUNTU-CVE-2019-10173

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON...

CVE-2019-12552

In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service...

SUSE SLED15 / SLES15 Security Update : libgcrypt (SUSE-SU-2019:1859-1)

This update for libgcrypt fixes the following issues : Security issues fixed : CVE-2019-12904: The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an...

CVE-2019-13603

An issue was discovered in the HID Global DigitalPersona formerly Crossmatch U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that. This, in combinatio...

Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access Exploit

/ Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access For constructors, Spidermonkey implements a "definite property analysis" 1 to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the final...

Remote Desktop Protocol Client Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would...

GHSA-C9JJ-3WVG-Q65H Vulnerability that affects org.apache.pdfbox:pdfbox

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XFDF...

EulerOS 2.0 SP5 : expat (EulerOS-SA-2019-1666)

According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products,...

PRODSECBUG-2267: Use of insufficiently random values when generating initialization vector

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

Phoenix Contact Automationworx BCP File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

kernel: race condition in snd_seq_write() may lead to UAF or OOB-access

ALSA sequencer core initializes the event pool on demand by invoking sndseqpoolinit when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access...

Microsoft Windows gdiplus Font Parsing Uninitialized Pointer Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Information disclosure

Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel SKB memory to FW in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure an...

CVE-2019-1039

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

Design/Logic Flaw

aareadheader in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables...

Poppler heap buffer overread vulnerability (CNVD-2019-15934)

Poppler is based on xpdf-3.0 code base PDF rendering library. A heap buffer over-read vulnerability exists in JPXStream::init in JPEG2000Stream.cc in Poppler 0.76.1 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service via data with inconsistent height or...

UBUNTU-CVE-2019-12098

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5initcredsstep in lib/krb5/initcredspw.c...

CVE-2019-12098

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5initcredsstep in lib/krb5/initcredspw.c...