CVE-2019-15366
The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the devi...
CVE-2019-15366
CVE-2019-15366 pertains to the Infinix Note 5 on Android 8.1.0 where a pre-installed app with package name com.mediatek.wfo.impl exposes an interface that allows any app colocated on the device to modify a system property without proper authorization. Root cause is an exported interface with insu...
CVE-2019-15361
The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device t...
CVE-2019-15361
The CVE-2019-15361 entry concerns the Infinix Note 5 Android device with fingerprint Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys. A pre-installed app with package name com.mediatek.wfo.impl (versionCode 27, versionName 8.1.0) exposes an exported interface that al...
CVE-2019-16401
The CVE-2019-16401 entry concerns Samsung Galaxy S8 Plus, Galaxy S3, and Galaxy Note 2 devices. These devices allegedly allow injection of AT+CIMI and AT+CGSN over Bluetooth, exposing sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength...
CVE-2019-16400
Samsung Galaxy S8 plus Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3, Samsung Galaxy S3 Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8, and Samsung...
elfutils: buffer over-read in the ebl_object_note function in eblobjnote.c in libebl
In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf...
elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash)...
php: Uninitialized read in exif_process_IFD_in_MAKERNOTE
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len...
DEBIAN-CVE-2012-6124
A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes and is advertised as being unsuitable."...
Adobe ColdFusion File Upload (APSB18-33) (CVE-2018-15961)
An arbitrary file upload vulnerability exists in Adobe ColdFusion due to insufficient validation in the filemanager plugin. An unauthenticated, remote attacker can exploit this, via a specially crafted POST request, to upload arbitrary files on the remote host. TRUSTED...
CVE-2019-17223
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php...
UBUNTU-CVE-2019-17223
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php...
PT-2019-15016 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 10.0.2 Description: The issue concerns HTML Injection in the Note field, specifically via the user/note.php endpoint. This allows for potential malicious code injection. Recommendations: For Dolibarr ERP/CRM version...
ALPINE-CVE-2019-17543
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...
Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4524103)
Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 KB4524103 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2...
CVE-2019-16686
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...
UBUNTU-CVE-2019-16686
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...