CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

Design/Logic Flaw

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

CVE-2019-1010299

CVE-2019-1010299 affects the Rust standard library: Rust 1.18.0 and later. The vulnerability is CWE-200 Information Exposure due to the Debug trait implementation for std::collections::vec_deque::Iter, which could cause contents of uninitialized memory to be printed when debug-printing an iterato...

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

Important: Red Hat Security Advisory: python27-python security update

An update for python27-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CentOS Update for python CESA-2019:1587 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-12869

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an...

Remote code execution

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Confi...

CVE-2019-12871

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ proje...

libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients

It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would...

CVE-2019-1906

A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure PI could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could...

DEBIAN-CVE-2018-18839

An issue was discovered in Netdata 1.10.0. Full Path Disclosure FPD exists via api/v1/alarms. NOTE: the vendor says "is intentional...

Microsoft Management Console Bugs Allow Windows Takeover

A Windows interface that allows system administrators to configure and monitor systems from an admin level has several vulnerabilities that would allow an attacker to install malicious payloads and even take over a target, privileged machine. The bugs are grouped under one umbrella CVE-2019-0948...

CVE-2017-9389

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device allows a user to install applications written in the Lua programming language. Also the interfa...

CVE-2017-9389

CVE-2017-9389 affects Vera VeraEdge (1.7.19) and Veralite (1.7.481). The web UI allows users to install and write Lua applications without authentication. A POST carries user-provided Lua code to the LuaUPNP daemon, which handles it in LU::JobHandler_LuaUPnP::RunLua and passes the code to LU::Lua...

Schneider Electric UnityPro PLC simulator remote code execution vulnerability

Summary An exploitable remote code execution vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Unity Pro L Programming Software PLC Simulator. A specially crafted sequence of UMAS commands sent to the software’s PLC simulator can cause a modified strate...

Schneider Electric Modicon M580 UMAS set breakpoint denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS set breakpoint functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault state,...

Unspecified Vulnerability in Google API C++ Client

Google API C++ Client is a C++-based Google API client library from Google USA. An unspecified vulnerability exists in versions of Google API C++ Client prior to 2019-04-10. An attacker can exploit this vulnerability to cause a denial of service...