CVE-2019-12620
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could explo...
Authentication flaw
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could explo...
CVE-2019-6809
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 firmware versions prior to V2.90, Modicon M340 firmware versions prior to V3.10, Modicon Premium all versions, Modicon Quantum all versions, which could cause a possible denial of service when reading invalid data from the...
Buffer Overflow Vulnerability in Multiple Qualcomm Products (CNVD-2019-27321)
Qualcomm MDM9607 and others are products of Qualcomm Incorporated. MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. SDX20 is a modem. A buffer overflow vulnerability exists in Video Firmware in multiple Qualcomm products, which originates when a...
Code injection
Shared memory gets updated with invalid data and may lead to access beyond the allocated memory in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909...
CVE-2019-2279
CVE-2019-2279 affects Qualcomm/Snapdragon components (e.g., Snapdragon Auto/Connectivity/Consumer IOT/Industrial IOT, Snapdragon Mobile, Wearables, and related SoCs such as MDM9150, MDM9607, MDM9650, various SDx/SDM/QCA families). Root cause: shared memory is updated with invalid data, causing me...
Exiv2 Input Validation Error Vulnerability
Exiv2 is a set of C++ libraries and command line applications for managing image metadata, developed by programmer Andreas Huggel. The product provides the ability to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. An input validation error vulnerability exists in Exiv2...
DEBIAN-CVE-2019-13113
Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...
ALPINE-CVE-2019-13113
Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...
CVE-2019-13113
Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...
UBUNTU-CVE-2019-13113
Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...
CVE-2018-7843
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus...
openSUSE Security Update : Mozilla Thunderbird (openSUSE-2019-503)
This update for Mozilla Thunderbird to version 52.9.0 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base MFSA 2018-16, bsc1098998 : - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus -...
PHP Multiple Vulnerabilities (Mar 2019) - Windows
PHP is prone to multiple vulnerabilities.
Multiple vulnerabilities in extension "femanager" (femanager)
It is possible to bypass configured server side validation rules which allows an attacker to create frontend user records with invalid data. Also, the eID script allows an attacker to set various validators using GET parameters resulting in information disclosure of field values from the feusers...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:2322-2)
This update for MozillaFirefox to version ESR 52.9 fixes the following issues : CVE-2018-5188: Various memory safety bugs bsc1098998 CVE-2018-12368: No warning when opening executable SettingContent-ms files CVE-2018-12366: Invalid data handling during QCMS transformations CVE-2018-12365:...
Amazon Linux 2 : thunderbird (ALAS-2018-1061)
Use-after-free when appending DOM nodes CVE-2018-12363 Use-after-free using focus CVE-2018-12360 Compromised IPC child process can list local filenames CVE-2018-12365 Buffer overflow using computed size of canvas element CVE-2018-12359 Using form to exfiltrate encrypted mail part by pressing ente...
Critical: thunderbird
Issue Overview: Use-after-free when appending DOM nodes CVE-2018-12363 Use-after-free using focus CVE-2018-12360 Compromised IPC child process can list local filenames CVE-2018-12365 Buffer overflow using computed size of canvas element CVE-2018-12359 Using form to exfiltrate encrypted mail part ...