2271 matches found

RedHat Linux
added 2019/10/16 3:1 p.m. | 3 views

OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 4.3 | AI score 7.3 | EPSS 0.00476
Exploits: 0 | References: 4

Packet Storm
added 2019/10/11 12:0 a.m. | 214 views

Openfire 4.4.1 Cross Site Scripting

Information: Advisory by Netsparker; Name: Multiple Cross-site Scripting Vulnerabilities in Openfire 4.4.1; Affected Software: Openfire; Affected Versions: 4.4.1; Vendor Homepage: https://www.igniterealtime.org/; Vulnerability Type: Cross-site Scripting; Severity: Medium; Status: Fix...

AI score 7.4
Exploits: 0

OSV
added 2019/09/27 7:15 p.m. | 1 view

CVE-2019-9424

In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: Android; Versions: Android-10; Android ID: A-110941092...

CVSS 7.5 | AI score 7 | EPSS 0.00123
Exploits: 0 | References: 1

Prion
added 2019/09/27 7:15 p.m. | 12 views

Information disclosure

In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: Android; Versions: Android-10; Android ID: A-110941092...

CVSS 4.3 | AI score 7.5 | EPSS 0.00123
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2019/09/24 12:0 a.m. | 67 views

EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2019-1992)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The URL pattern of "" (the empty string), which exactly maps to the context root, was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5....

CVSS 7.5 | AI score 7.6 | EPSS 0.21578
Exploits: 2 | References: 4

Tenable Nessus
added 2019/09/20 12:0 a.m. | 45 views

Amazon Linux 2 : oniguruma (ALAS-2019-1288)

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

CVSS 9.8 | AI score 8.1 | EPSS 0.00537
Exploits: 0 | References: 3

exploitpack
added 2019/09/09 12:0 a.m. | 40 views

Enigma NMS 65.0.0 - SQL Injection

Enigma NMS 65.0.0 - SQL Injection. Exploit Title: Enigma NMS searchpattern SQL Injection; Date: 21 July 2019; Author: Mark Cross @xerubus | mogozobo.com; Vendor: NETSAS Pty Ltd; Vendor Homepage: https://www.netsas.com.au/; Software...

AI score 0.1 | EPSS 0.0134
Exploits: 5

CVE
added 2019/08/18 3:44 p.m. | 42 views

CVE-2019-15137

The CVE-2019-15137 vulnerability affects the Access Control plugin in eProsima Fast RTPS (through version 1.9.0). The root cause is that fnmatch pattern matching is applied to topic name strings instead of the permission expressions themselves, enabling unintended connections between participants...

CVSS 7.5 | AI score 7.4 | EPSS 0.00237
Exploits: 0 | References: 2 | Affected Software: 1

PostgreSQL
added 2019/08/08 12:0 a.m. | 94 views

Vulnerability in core server (CVE-2019-10208)

TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution. Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call havi...

CVSS 8.8 | AI score 8.5 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2019/08/02 12:0 a.m. | 1 view

Poppler Divide-by-Zero Error Vulnerability

Poppler is a PDF rendering library based on the xpdf-3.0 code base. A divide-by-zero error vulnerability exists in the SplashOutputDev::tilingPatternFill function in SplashOutputDev.cc in Poppler 0.78.0 and earlier versions, which can be exploited by an attacker to cause a denial of service...

CVSS 7.5 | AI score 8.4 | EPSS 0.01932
Exploits: 1 | References: 1

OSV
added 2019/08/01 5:15 p.m. | 1 view

DEBIAN-CVE-2019-14494

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc...

CVSS 7.5 | AI score 6.8 | EPSS 0.01932
Exploits: 1 | References: 1

OSV
added 2019/08/01 5:15 p.m. | 1 view

AZL-44472 CVE-2019-14494 affecting package cppcheck for versions less than 2.18.3-1

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc...

CVSS 7.5 | AI score 6.7 | EPSS 0.01932
Exploits: 1 | References: 1

Snyk
added 2019/08/01 5:15 p.m. | 1 view

Divide By Zero

Overview: Affected versions of this package are vulnerable to Divide By Zero. An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. Details: Denial of Service (DoS) describes a family of attacks, al...

CVSS 7.5 | AI score 7.1 | EPSS 0.01932
Exploits: 1 | References: 2

OSV
added 2019/08/01 12:0 a.m. | 1 view

UBUNTU-CVE-2019-14494

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc...

CVSS 7.5 | AI score 6.8 | EPSS 0.01932
Exploits: 1 | References: 5

Nextcloud
added 2019/07/26 12:0 a.m. | 22 views

Bypass lock protection in Android app (NC-SA-2019-004)

Creating a fake multi-account and aborting the process would redirect the user to the default account of the device without asking for the lock pattern if one was set up...

CVSS 4.6 | AI score 2.8 | EPSS 0.0005
Exploits: 1 | Affected Software: 1

AlpineLinux
added 2019/07/23 1:16 p.m. | 72 views

CVE-2019-11730

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

CVSS 6.5 | AI score 7.3 | EPSS 0.18406
Exploits: 2

Kitploit
added 2019/07/20 9:49 p.m. | 261 views

Git-Hound - Find Exposed Keys Across GitHub Using Code Search Keywords

A pattern-matching, batch-catching secret snatcher. This project is intended to be used for educational purposes. Git Hound makes it easy to find exposed API keys on GitHub using pattern matching, targeted querying, and a scoring system. Usage: echo "tillsongalloway.com" | python git-hound.py or...

AI score 7.3
Exploits: 0 | References: 2

OSV
added 2019/07/19 6:15 p.m. | 0 views

CVE-2019-12821

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code...

CVSS 4.8 | AI score 5.9
Exploits: 0 | References: 1

Fedora
added 2019/07/18 8:32 p.m. | 15 views

[SECURITY] Fedora 29 Update: mutt-1.12.0-1.fc29

Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting group...

AI score 1
Exploits: 0

Debian
added 2019/07/17 3:25 p.m. | 213 views

[SECURITY] [DLA 1854-1] libonig security update

Package: libonig; Version: 5.9.5-3.2+deb8u2; CVE ID: CVE-2019-13224; Debian Bug: 931878. A use-after-free in onig_new_deluxe() in regext.c allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacke...

CVSS 9.8 | AI score 9.9 | EPSS 0.00537
Exploits: 0