UBUNTU-CVE-2019-2762

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

CVE-2019-2738

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Compiling. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple...

SHEKAR Technology Endoscope Buffer Overflow Vulnerability (CNVD-2019-18879)

SHEKAR Technology Endoscope is a portable endoscopic device from SHEKAR Technology, China. A buffer overflow vulnerability exists in SHEKAR Technology Endoscope. The vulnerability originates when a networked system or product performs an operation on memory without properly validating data...

Panasonic FPWIN Pro Buffer Overflow Vulnerability (CNVD-2019-17135)

Panasonic FPWIN Pro is a set of controller programming software from Panasonic Corporation of Japan. A buffer overflow vulnerability exists in Panasonic FPWIN Pro 7.3.0.0 and prior versions. The vulnerability stems from a networked system or product performing operations on memory without properl...

mysql: InnoDB unspecified vulnerability (CPU Oct 2018)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

CVE-2019-2616

Vulnerability in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access...

Design/Logic Flaw

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: libmysqld. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVE-2019-2605

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware subcomponent: Web Catalog. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network...

Capsule Technologies SmartLinx Neuron 2 restricted environment protection mechanism failure vulnerability

Summary A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in ful...

CVE-2019-8274

CVE-2019-8274 affects UltraVNC 1211 in the VNC server code’s file transfer offer handler, describing a heap-based buffer overflow that could allow remote code execution via network access. The issue is resolved in revision 1212. No exploitation details are provided beyond that it is network-explo...

CVE-2019-8272

UltraVNC 1211 contains off-by-one vulnerabilities in the VNC server code that can potentially lead to remote code execution when exploited over a network. The issue is fixed in revision 1212. A Nessus plugin also documents other related UltraVNC CVEs (e.g., 2019-8274, 2019-8271) affecting version...

CVE-2019-8275

UltraVNC revision 1211 contains multiple improper null termination vulnerabilities in the VNC server code, allowing out-of-bounds data access via network. CVSS v3.1 base score 9.8. Affected: UltraVNC 1211; fix: upgrade to revision 1212 (addressed in the same family of issues).

CVE-2019-8280

UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204...

CVE-2019-8271

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212...

CVE-2019-8265

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in...

CVE-2019-8261

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200...

CVE-2019-8262

UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204...

Information disclosure

UltraVNC revision 1198 contains multiple memory leaks CWE-655 in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be...

CVE-2019-8259

UltraVNC revision 1198 contains multiple memory leaks CWE-655 in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be...