RHEL 7 : kernel (RHSA-2019:3841)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3841 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: hw: Machine Check Error on Page Size...

Memory corruption

An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a vulnerability by...

CVE-2019-5089

An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a vulnerability by...

CVE-2019-11500

A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

Cisco IOS XE Software ASIC Register Write Vulnerability

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. The vulnerability allows an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specif...

CVE-2019-12660

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An...

CVE-2019-12660

CVE-2019-12660 describes a vulnerability in the CLI of Cisco IOS XE Software where an authenticated, local attacker can write to the device’s memory due to improper input validation and command authorization. The attack could enable modification of the device configuration, leading to an insecure...

Amazon Linux 2 : edk2 (ALAS-2019-1290)

Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. CVE-2018-12182 Stack overflow in XHCI for EDK II may allow an unauthenticated user to...

CVE-2019-6829

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 firmware version prior to V2.90 and Modicon M340 firmware version prior to V3.10, which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus...

PT-2019-18367

Name of the Vulnerable Software and Affected Versions Modicon M580 versions prior to V2.90 Modicon M340 versions prior to V3.10 Description A CWE-248: Uncaught Exception issue exists, which could cause a possible denial of service when writing to specific memory addresses in the controller over...

CVE-2019-1254

CVE-2019-1254 affects Microsoft Windows Hyper-V, where information is disclosed when a program writes uninitialized memory to disk. The CNVD description notes an information-disclosure vulnerability allowing an attacker to read files and recover kernel memory via Hyper-V. Details about affected v...

DEBIAN-CVE-2019-16227

An issue was discovered in py-lmdb 0.97. For certain values of mnflags, mdbcursorset triggers a memcpy with an invalid write operation within mdbxcursorinit1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

UBUNTU-CVE-2019-16224

An issue was discovered in py-lmdb 0.97. For certain values of mdflags, mdbnodeadd does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

UBUNTU-CVE-2019-16227

An issue was discovered in py-lmdb 0.97. For certain values of mnflags, mdbcursorset triggers a memcpy with an invalid write operation within mdbxcursorinit1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

NewStart CGSL MAIN 4.06 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0179)

The remote NewStart CGSL host, running version MAIN 4.06, has libssh2 packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remot...

Dovecot < 2.2.36.4 and < 2.3.7.2 Heap Overflow Vulnerability

Dovecot is prone to an unauthenticated heap out of bounds heap memory write vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...

NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0095)

The remote NewStart CGSL host, running version MAIN 4.06, has thunderbird packages installed that are affected by multiple vulnerabilities: - Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0062)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory...

NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0153)

The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafte...

NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0095)

The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerabili...