Lucene search

1779 matches found

Cvelist
added 2019/12/02 8:43 p.m., 25 views

CVE-2019-15689

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege...

AI score: 7, EPSS: 0.00766
Exploits: 1, References: 1

OSV
added 2019/11/21 11:15 p.m., 17 views

CVE-2019-18933

In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication e.g., GitHub or Google SSO in an organization that also allows password authentication could have their personal API key stolen by an...

CVSS: 9.8, AI score: 7.1
Exploits: 0, References: 2

RedhatCVE
added 2019/11/19 11:7 a.m., 21 views

CVE-2019-1010024

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat...

CVSS: 5.3, AI score: 5.6, EPSS: 0.0322
Exploits: 1, References: 3

Oracle linux
added 2019/11/14 12:0 a.m., 29 views

lldpad security and bug fix update

1.0.1-13.git036e314 - After gating yml updates 1.0.1-12.git036e314 - Add support for DSCP selectors in APP TLVs 1704660 1.0.1-11.git036e314 - Fix memleak on TLV reception 1727326 1.0.1-10.git036e314 - Fix the OID display 1614933...

CVSS: 4.3, AI score: 0.8, EPSS: 0.01038
Exploits: 0

Oracle linux
added 2019/11/14 12:0 a.m., 36 views

go-toolset:ol8 security, bug fix, and enhancement update

...

CVSS: 9.8, AI score: 9.2, EPSS: 0.08359
Exploits: 1

Oracle linux
added 2019/11/14 12:0 a.m., 29 views

libarchive security and bug fix update

3.3.2-7 - fix use-after-free in delayed newc link processing 1602575 - fix a few obvious resource leaks and strcpy misuses 1602575 3.3.2-6 - fixed use after free in RAR decoder 1700752 - fixed double free in RAR decoder 1700753 3.3.2-5 - release bump due to gating 1680768 3.3.2-4 - fix...

CVSS: 8.8, AI score: 0.2, EPSS: 0.04575
Exploits: 1

Openbugbounty
added 2019/11/12 9:1 p.m., 8 views

hao.2345daohang.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-1015381 Security Researcher 41PH4 Helped patch 18 vulnerabilities Received 1 Coordinated Disclosure badges , a holder of 1 badges for responsible and coordinated disclosure, found a security vulnerability affecting hao.2345daohang.com website and its users. Following...

AI score: 0.2
Exploits: 0

AlmaLinux
added 2019/11/05 6:0 p.m., 9 views

libzfcphbaapi bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

AI score: 1.5
Exploits: 0, References: 1

CVE
added 2019/11/01 10:15 p.m., 1287 views

CVE-2019-6470

CVE-2019-6470 concerns a use-after-free/crash in DHCPv6 when ISC BIND libraries are mismatched with dhcpd. The described root cause is a bug in a BIND library function used by dhcpd, with the library bug preventing normal operation and a crash potential when vendors differ in package versions. Af...

CVSS: 7.5, AI score: 6.7, EPSS: 0.08813
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2019/10/28 1:11 p.m., 16 views

CVE-2002-2444

Snoopy before 2.0.0 has a security hole in exec cURL...

AI score: 9.6, EPSS: 0.01608
Exploits: 0, References: 3

Openbugbounty
added 2019/10/27 12:43 a.m., 14 views

app.wallapop.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1004273 Security Researcher logindenied Helped patch 7927 vulnerabilities Received 8 Coordinated Disclosure badges Received 76 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting app.wallapop.com websi...

AI score: 6.5
Exploits: 0

RedHat Linux
added 2019/10/24 9:31 p.m., 1 views

kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

CVSS: 8.1, AI score: 7.3, EPSS: 0.02092
Exploits: 0, References: 5

ossfuzz
added 2019/10/22 11:20 p.m., 14 views

cryptofuzz:cryptofuzz-openssl: Crash in _aesni_decrypt2

Project: https://github.com/guidovranken/cryptofuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5110881091846144 Project: cryptofuzz Fuzzing Engine: libFuzzer Fuzz Target: cryptofuzz-openssl Job Type: libfuzzerasancryptofuzz Platform Id: linux Crash Type: UNKNOWN READ Crash Address:...

AI score: 6.8
Exploits: 0, Affected Software: 1

CVE
added 2019/10/16 6:36 p.m., 59 views

CVE-2019-15265

CVE-2019-15265 affects Cisco Aironet Access Points, specifically the BPDU forwarding feature. The issue arises when BPDUs from certain wireless clients are forwarded incorrectly, which can allow an unauthenticated adjacent attacker to induce a DoS by forcing an AP port to an error-disabled/offlin...

CVSS: 7.4, AI score: 6.5, EPSS: 0.00318
Exploits: 0, References: 1, Affected Software: 1

ossfuzz
added 2019/10/13 9:13 p.m., 17 views

imagemagick:encoder_mvg_fuzzer: Use-of-uninitialized-value in DrawPrimitive

Project: https://github.com/imagemagick/imagemagick.git Detailed Report: https://oss-fuzz.com/testcase?key=5033441388658688 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: encodermvgfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type: Use-of-uninitialized-value Cra...

AI score: 6.8
Exploits: 0, Affected Software: 1

OSV
added 2019/10/06 4:19 p.m., 7 views

OPENSUSE-SU-2019:2271-1 Security update for php7

This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11041: Fixed heap buffer over-read in exifscanthumbnail bsc1146360. - CVE-2019-11042: Fixed heap buffer over-read in exifprocessusercomment bsc1145095. Non-security issue fixed: - Drop -n from php invocation from...

CVSS: 7.1, AI score: 7.3, EPSS: 0.044
Exploits: 2, References: 6

Hacker One
added 2019/10/05 9:23 a.m., 11 views

Quantopian: Stored cross-site scripting in dataset owner.

Hi again. Another XSS this time. Summary: Unescaped chars in 'dataset owner' could be abused to store arbitrary javascript. Description: There is a 'dataset owner' field in new 'custom dataset dashboard' which contains unsanitized output. If attacker would modify his name, like first name '', the...

AI score: 2.9
Exploits: 0

exploitpack
added 2019/10/04 12:0 a.m., 196 views

Android - Binder Driver Use-After-Free

Android - Binder Driver Use-After-Free The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: There is a use-after-free of the wait member in the binderthread struct in the binder driver at /drivers/android/binder.c. ...

CVSS: 4.6, AI score: 0.3, EPSS: 0.72105
Exploits: 26

NVD
added 2019/09/30 4:15 p.m., 14 views

CVE-2019-2294

Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial...

CVSS: 10, AI score: 9.4, EPSS: 0.00907
Exploits: 0, References: 1

The Hacker News
added 2019/09/26 11:33 a.m., 120 views

iOS 13 Bug Lets 3rd-Party Keyboards Gain 'Full Access' — Even When You Deny

Following the release of iOS 13 and iPadOS earlier this week, Apple has issued an advisory warning iPhone and iPad users of an unpatched security bug impacting third-party keyboard apps. On iOS, third-party keyboard extensions can run entirely standalone without access to external services and...

AI score: 1.8
Exploits: 0