Schneider Electric Altivar ATV930D22M3 Variable Speed Drive

Binary data 764308.prm...

Schneider Electric Altivar ATV61HC50N4 Variable Speed Drive

Binary data 763981.prm...

Design/Logic Flaw

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the HordeFormTypeimage method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...

CVE-2019-2247

Possibility of double free issue while running multiple instances of smp2p test because of proper protection is missing while using global variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &...

Apple macOS 10.14.5 iOS 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized

Apple macOS 10.14.5 iOS 12.3 JavaScriptCore - Loop-Invariant Code Motion LICM in DFG JIT Leaves Stack Variable Uninitialized While fuzzing JavaScriptCore, I encountered the following modified and commented JavaScript program which crashes jsc from current HEAD and release: // Run with...

Schneider Electric Altivar 32 Variable Speed Drive Detection

Binary data 267.prm...

Schneider Electric Altivar Process ATV900 Series Variable Speed Drive Detection

Binary data 268.prm...

macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT

macOS 13.37; stackspray = ; for let v15 = 0; v15 100; v15++ function v19v23 // This weird loop form might be required to prevent loop unrolling... for let v30 = 0; v30 3; v30 = v30 + "asdf" // Generates the specific CFG necessary to trigger the bug. const v33 = Error != Error; if v33 else // Forc...

Apple macOS &lt; 10.14.5 / iOS &lt; 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized

While fuzzing JavaScriptCore, I encountered the following modified and commented JavaScript program which crashes jsc from current HEAD and release: // Run with --useConcurrentJIT=false // Fill the stack with the return value of the provided function. function stacksprayf // This function will...

CVE-2018-16156

In PaperStream IP TWAIN 1.42.0.5685 Service Update 7, the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkicFjicube32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes...

CVE-2019-10139

During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted...

CVE-2019-10139

CVE-2019-10139 affects cockpit-ovirt: during hosted engine deployment, cockpit-ovirt creates an ansibleVarFileXXXXXX.var containing admin and appliance passwords in plain text at /var/lib/ovirt-hosted-engine-setup/cockpit/. These files are deleted at the end of deployment, but during exposure the...

CVE-2019-10139

During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted...

CVE-2018-10992

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...

EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2019-1327)

According to the version of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value...

Information Disclosure

kernel-rt is vulnerable to information disclosure. The vulnerability exists as the btsockrecvmsg function in net/bluetooth/afbluetooth..c does not initialize a certain length variable...

Information Disclosure

kernel-rt is vulnerable to information disclosure. The vulnerability exists as the rfcommsockrecvmsg function in net/bluetooth/rfcomm/sock.c does not initialize a certain length variable...

Arbitrary File Upload

The httpd packages contain the Apache HTTP Server httpd, which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the modnegotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews...

Design/Logic Flaw

In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. These permissions are only used in custom...

CVE-2019-11632

In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. These permissions are only used in custom...