
6926 matches found

Tenable Nessus
added 2019/09/11 12:0 a.m., 31 views

NewStart CGSL MAIN 4.06 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0179)

The remote NewStart CGSL host, running version MAIN 4.06, has libssh2 packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remot...

CVSS 9.3 | AI score 7.4 | EPSS 0.09219
Exploits 0 | References 5
OSV
added 2019/09/05 10:15 p.m., 1 views

CVE-2019-2176

In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Android 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 7.8 | AI score 7.6 | EPSS 0.01038
Exploits 0 | References 1
CNVD
added 2019/08/21 12:0 a.m., 2 views

Linux kernel buffer overflow vulnerability (CNVD-2019-29640)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in the 'ad5755_parse_dt' function in the drivers/iio/dac/ad5755.c file in versions of Linux kernel prior to 4.8.6. The vulnerabili...

CVSS 7.8 | AI score 7 | EPSS 0.00402
Exploits 0 | References 1
CNVD
added 2019/08/20 12:0 a.m., 2 views

Linux kernel buffer overflow vulnerability (CNVD-2019-29637)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in the 'parse_audio_mixer_unit' function in the sound/usb/mixer.c file in Linux kernel 5.2.9 and earlier. The vulnerability stems...

CVSS 7.8 | AI score 7.8 | EPSS 0.00613
Exploits 0 | References 1
RedHat Linux
added 2019/08/19 8:42 a.m., 1 views

php: Invalid memory access in function xmlrpc_decode()

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in...

CVSS 9.8 | AI score 7.4 | EPSS 0.09793
Exploits 1 | References 4
OSV
added 2019/08/19 2:15 a.m., 4 views

DEBIAN-CVE-2016-10907

An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt...

CVSS 7.8 | AI score 7.1 | EPSS 0.00402
Exploits 0 | References 1
OSV
added 2019/08/16 2:15 p.m., 3 views

UBUNTU-CVE-2019-15117

parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access...

CVSS 7.8 | AI score 7 | EPSS 0.00613
Exploits 0 | References 9
Node.js
added 2019/08/12 6:47 p.m., 17 views

Sensitive Data Exposure

Overview: Versions of parse-server prior to 3.6.0 are vulnerable to Sensitive Data Exposure. The package throws the error ParseError.ACCOUNT_ALREADY_LINKED (208) before the authentication controller throws ParseError.SESSION_MISSING (206). This allows unauthenticated attackers to enumerate user account by...

CVSS 5 | AI score 4.5 | EPSS 0.01155
Exploits 0 | Affected Software 1
Node.js
added 2019/08/12 6:40 p.m., 19 views

Denial of Service

Overview: Versions of parse-server prior to 3.4.1 are vulnerable to Denial of Service (DoS). POST requests to /parse/classes/Audience or other volatile classes cause the server to respond with a 500 Internal Server Error for any subsequent POST requests. Recommendation: Upgrade to version 3.4.1 or...

CVSS 5 | AI score 4 | EPSS 0.01399
Exploits 0 | Affected Software 1
BDU FSTEC
added 2019/08/08 12:0 a.m., 2 views

The vulnerability of the urllib.parse.urlsplit and urllib.parse.urlparse functions in the Python interpreter allows an attacker to disclose protected information, read or write arbitrary data, or cause a denial-of-service attack.

The vulnerability of the urllib.parse.urlsplit and urllib.parse.urlparse functions in the Python interpreter is related to errors in handling registration data. Exploiting this vulnerability can allow an attacker to disclose sensitive information, read or write arbitrary data, or cause service...

CVSS 10 | AI score 7.8 | EPSS 0.05227
Exploits 0 | References 14 | Affected Software 4
RedHat Linux
added 2019/08/06 1:53 p.m., 2 views

LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp

An error within the "parse_rollei" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop...

CVSS 7.5 | AI score 6.6 | EPSS 0.02333
Exploits 0 | References 4
RedHat Linux
added 2019/08/06 1:53 p.m., 2 views

LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp

An error within the "parse_sinar_ia" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources...

CVSS 7.8 | AI score 6.6 | EPSS 0.02817
Exploits 0 | References 4
RedHat Linux
added 2019/08/06 12:47 p.m., 2 views

kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP

A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a...

CVSS 6.5 | AI score 7 | EPSS 0.01827
Exploits 1 | References 4
CNVD
added 2019/08/05 12:0 a.m., 3 views

parse-server denial of service vulnerability

parse-server is an open source Backend-as-a-Service (BaaS) framework that is primarily used for application backend processing. A security vulnerability exists in parse-server versions prior to 3.4.1. An attacker can exploit this vulnerability to cause a denial of service...

CVSS 7.5 | AI score 6.7 | EPSS 0.01399
Exploits 0 | References 1
Kitploit
added 2019/08/03 12:50 p.m., 142 views

Usbrip - Simple Command Line Forensics Tool For Tracking USB Device Artifacts (History Of USB Events) On GNU/Linux

usbrip (derived from "USB Ripper", not "USB R.I.P.") is an open source forensics tool with CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines. Description: usbrip is a small piece of software written in pure...

AI score 7.1
Exploits 0 | References 5
CNVD
added 2019/08/02 12:0 a.m., 1 views

OpenCV Null Pointer Dereference Vulnerability

OpenCV is a cross-platform computer vision library. A null pointer dereference vulnerability exists in the cv::XMLParser::parse function in modules/core/src/persistence.cpp in versions of OpenCV prior to 4.1.1. An attacker could exploit this vulnerability to cause a denial of service...

CVSS 7.5 | AI score 6.7 | EPSS 0.0337
Exploits 1 | References 1
OSV
added 2019/08/01 5:15 p.m., 0 views

UBUNTU-CVE-2019-14493

An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp...

CVSS 7.5 | AI score 6.8 | EPSS 0.0337
Exploits 1 | References 6
Cvelist
added 2019/08/01 4:5 p.m., 30 views

CVE-2019-14493

An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp...

AI score 7.5 | EPSS 0.0337
Exploits 1 | References 3
Debian CVE
added 2019/08/01 4:5 p.m., 24 views

CVE-2019-14493

An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp...

CVSS 7.5 | AI score 6.3 | EPSS 0.0337
Exploits 1
Veracode
added 2019/07/30 4:46 a.m., 13 views

Information Disclosure

parse-server is vulnerable to information disclosure. A remote attacker is able to enumerate existing accounts by analyzing the error messages from server responses...

CVSS 5.3 | AI score 2.5 | EPSS 0.01155
Exploits 0 | References 1 | Affected Software 1