5335 matches found
CVE-2019-16395
GnuCOBOL 2.2 has a stack-based buffer overflow in the cbname function in cobc/tree.c via crafted COBOL source code...
UBUNTU-CVE-2019-16395
GnuCOBOL 2.2 has a stack-based buffer overflow in the cbname function in cobc/tree.c via crafted COBOL source code...
CVE-2019-16395
GnuCOBOL 2.2 has a stack-based buffer overflow in the cbname function in cobc/tree.c via crafted COBOL source code...
Stack overflow
GnuCOBOL 2.2 has a stack-based buffer overflow in the cbname function in cobc/tree.c via crafted COBOL source code...
Code injection
GnuCOBOL 2.2 has a use-after-free in the endscopeofprogramname function in cobc/parser.y via crafted COBOL source code...
CVE-2019-16396
GnuCOBOL 2.2 has a use-after-free in the endscopeofprogramname function in cobc/parser.y via crafted COBOL source code...
CVE-2019-16395
GnuCOBOL 2.2 has a stack-based buffer overflow in the cbname function in cobc/tree.c via crafted COBOL source code...
CVE-2019-16396
GnuCOBOL 2.2 has a use-after-free in the endscopeofprogramname function in cobc/parser.y via crafted COBOL source code...
CVE-2019-16396
GnuCOBOL 2.2 is affected by a use-after-free in the end_scope_of_program_name() function of cobc/parser.y triggered by crafted COBOL source code. Root cause is a memory management flaw in that parser path, leading to use-after-free. CVSS details show a CVSS‑3.1 base score of 7.8 (HIGH) with local...
CVE-2019-16396
GnuCOBOL 2.2 has a use-after-free in the endscopeofprogramname function in cobc/parser.y via crafted COBOL source code...
CVE-2019-16313
ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code...
Design/Logic Flaw
ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code...
CVE-2019-16313
ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code...
CVE-2019-16313
CVE-2019-16313 affects ifw8 Router ROM v4.31. According to the connected Nuclei template, it enables credential disclosure by reading the action/usermanager.htm HTML source code. Impact is described as credential exposure with no full exploit details provided in the documents; CVSSv3.1 base score...
CVE-2019-13534
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part : M8096-67501, WLAN Version B, Firmware A.01.09, Part : N/A Replaced by Version C and WLAN Version B, Firmware A.01.09, Part : N/A Replaced by Version C. The product...
U.S. Dept Of Defense: Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak
Description: I discovered another LFD on the https://████/ virtual host on the █████ IP. POC: https://█████/file.ashx?path=web.config will download the website configuration file. It exposes different DB credentials than in previous reports: ███ Similarly, an attacker is able to get the content of any...
U.S. Dept Of Defense: Directory Indexing on the ████ (https://████/) leads to the backups disclosure and credentials leak
Description: While poking around the █████████/24 range - █████ looking for the Cisco devices, I came across █████ which resolved to the https://██████/. While it's not a .mil host, it's likely related to the DoD since it is hosted in the DoD-controlled ASN. I discovered a few critical vulnerabilities here...
U.S. Dept Of Defense: Local File Disclosure on the █████ (https://████████.edu/) leads to the full source code disclosure and credentials leak
A local file disclosure vulnerability was discovered on the █████ website https://████████.edu/. The vulnerability allowed an attacker to download the website's configuration file, which exposed the database credentials. Additionally, the source code for certain server-side resources was also...
FreeBSD-SA-19:23.midi
FreeBSD-SA-19:23.midi Security Advisory, The FreeBSD Project. Topic: kernel memory disclosure from /dev/midistat. Category: core. Module: sound. Announced: 2019-08-20. Credits:...
U.S. Dept Of Defense: Examples directory is PUBLIC on https://████████mil, leading to multiple vulns
Description: Hello, In an effort to consolidate reporting. I have located 4 issues with having the Examples Directory openmy require just 1 solution to mitigate The following URLs that show concern are the following: 1. https://█████mil/examples/servlets/servlet/SessionExample --Will lead to...