3833 matches found
UBUNTU-CVE-2019-16094
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c...
PT-2019-14502 · Symonics +2 · Libmysofa +2
Name of the Vulnerable Software and Affected Versions: Symonics libmysofa version 0.7 Description: The issue is related to an invalid write in the readOHDRHeaderMessageDataLayout function located in hdf/dataobject.c. Recommendations: For Symonics libmysofa version 0.7, consider applying a patch o...
[SECURITY] Fedora 29 Update: pango-1.42.4-3.fc29
Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango can be used anywhere that text layout is needed, though most of the work on Pango so far has been done in the context of the GTK+ widget toolkit. Pango forms the core of text and font handlin...
[SECURITY] Fedora 30 Update: pango-1.43.0-4.fc30
Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango can be used anywhere that text layout is needed, though most of the work on Pango so far has been done in the context of the GTK+ widget toolkit. Pango forms the core of text and font handlin...
Fedora Update for pango FEDORA-2019-547be4a683
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Remote Code Execution (RCE)
magento/community-edition is vulnerable to remote code execution (RCE). The vulnerability exists as a user with admin privileges to layouts can execute code through an XML layout update...
kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location ...
kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service (DoS), or possibly have unspecified other impa...
CVE-2019-7942
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates...
CVE-2019-7896
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...
CVE-2019-7876
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout...
CVE-2019-7876
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout...
Remote code execution
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...
Remote code execution
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout...
Remote code execution
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates...
Remote code execution
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update...
CVE-2019-7896
CVE-2019-7896 affects Magento versions prior to 2.1.18 (2.1.x), 2.2 prior to 2.2.9, and 2.3 prior to 2.3.2. The flaw allows an authenticated administrator with access to layouts to execute arbitrary code via a combination of product import, a crafted CSV file, and an XML layout update, resulting ...
CVE-2019-7895
Summary: Magento 2.x versions are affected by a remote code execution vulnerability via a crafted XML layout update. Affected versions: 2.1 before 2.1.18, 2.2 before 2.2.9, 2.3 before 2.3.2. Prerequisite to exploit: an authenticated user with admin privileges to layouts. Impact: arbitrary code ex...
CVE-2019-7876
CVE-2019-7876 is a remote code execution vulnerability in Magento 2.x prior to certain patch levels: 2.1.x < 2.1.18, 2.2.x < 2.2.9, and 2.3.x
CVE-2019-7876
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout...