1115 matches found

RedhatCVE
added 2019/10/09 6:45 a.m. · 25 views

CVE-2019-16760

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...

CVSS 7.5 · AI score 1.8 · EPSS 0.00181
Exploits 1 · References 3
RedhatCVE
added 2019/10/08 6:1 a.m. · 32 views

CVE-2019-3894

It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem stores a SecurityIdentity to run the thread with that security identity. As these threads do not necessarily terminate if the 'keep alive' time has not expired, this could allow a shared thread to use the wrong securit...

CVSS 8.8 · AI score 2.4 · EPSS 0.01161
Exploits 0 · References 3
Cvelist
added 2019/10/07 2:0 p.m. · 16 views

CVE-2019-3688 squid: /usr/sbin/pinger packaged with wrong permission

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromised the squid user to gain...

CVSS 5.1 · AI score 7.2 · EPSS 0.00057
Exploits 0 · References 4
Positive Technologies
added 2019/10/06 12:0 a.m. · 2 views

PT-2019-15051 · Libyal +1 · Liblnk +1

Name of the Vulnerable Software and Affected Versions: libyal liblnk versions prior to 20191006 Description: The issue is related to a heap-based buffer over-read in the liblnk location information read data function, located in liblnk location information.c, due to the use of an incorrect variab...

CVSS 3.3 · AI score 6.6 · EPSS 0.00134
Exploits 1 · References 14
OSV
added 2019/09/30 10:15 p.m. · 9 views

CVE-2019-16760

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...

CVSS 7.5 · AI score 6.6
Exploits 0 · References 4
CNVD
added 2019/09/23 12:0 a.m. · 1 views

Access Control Error Vulnerability in Multiple Schneider Electric Products (CNVD-2019-34799)

Schneider Electric MEG6501-0001-U.motion KNX server and others are a web-based visualization system from Schneider Electric France. The system is mainly used for KNX-based home and building automation. An access control error vulnerability exists in several Schneider Electric products. An attacke...

CVSS 7.5 · AI score 6.8 · EPSS 0.0028
Exploits 0 · References 1
Cvelist
added 2019/08/29 12:25 a.m. · 20 views

CVE-2019-11247 Kubernetes kube-apiserver allows access to custom resources via wrong scope

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

CVSS 5 · AI score 7.9 · EPSS 0.00176
Exploits 0 · References 7
OSV
added 2019/08/05 1:15 p.m. · 0 views

CVE-2017-18475

In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user SEC-204...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1
Positive Technologies
added 2019/07/24 12:0 a.m. · 2 views

PT-2019-17775 · Freebsd · Freebsd

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 11.2-RELEASE through 11.2-RELEASE-p11 FreeBSD versions 11.3-RELEASE through 11.3-RELEASE-p0 FreeBSD versions 12.0-RELEASE through 12.0-RELEASE-p7 Description: The issue arises from the handling of the close of a descriptor...

CVSS 7.8 · AI score 7.7 · EPSS 0.00071
Exploits 0 · References 7
OSV
added 2019/07/23 2:15 p.m. · 1 views

CVE-2019-11714

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox 68...

CVSS 9.8 · AI score 7.3 · EPSS 0.00742
Exploits 2 · References 7
OSV
added 2019/07/23 2:15 p.m. · 2 views

CVE-2019-11699

A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox 67...

CVSS 6.5 · AI score 6.9 · EPSS 0.00203
Exploits 0 · References 2
OSV
added 2019/07/22 2:15 p.m. · 0 views

CVE-2019-4236

An IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List ACL entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to...

CVSS 4.4 · AI score 5.8
Exploits 0 · References 2
CNVD
added 2019/07/22 12:0 a.m. · 4 views

libjpeg-turbo Denial of Service Vulnerability

libjpeg is a C language library for processing image data in JPEG format. The product includes JPEG decoding, JPEG encoding and other JPEG functions. libjpeg-turbo is an optimized and improved version of libjpeg. A security vulnerability exists in libjpeg-turbo version 2.0.2. An attacker could...

CVSS 5.5 · AI score 6.8 · EPSS 0.00285
Exploits 1 · References 1
OSV
added 2019/07/16 9:15 p.m. · 1 views

CVE-2019-3571

An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension...

CVSS 5.3 · AI score 5.8 · EPSS 0.00237
Exploits 0 · References 1
Cvelist
added 2019/07/16 8:16 p.m. · 8 views

CVE-2019-3571

An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension...

AI score 5.3 · EPSS 0.00237
Exploits 0 · References 1
CNVD
added 2019/07/16 12:0 a.m. · 1 views

Facebook WhatsApp Input Verification Error Vulnerability

Facebook WhatsApp is a suite of mobile applications from the American company Facebook that utilize the web to deliver text messages. The application uses the contact information in a smartphone to find contacts using the program to send texts, pictures, and more. An input validation error...

CVSS 5.3 · AI score 6.6 · EPSS 0.00237
Exploits 0 · References 1
UbuntuCve
added 2019/07/11 12:0 a.m. · 27 views

CVE-2019-11714

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox 68...

CVSS 9.8 · AI score 7.2 · EPSS 0.00742
Exploits 2 · References 3
Hacker One
added 2019/07/04 12:19 p.m. · 36 views

X (Formerly Twitter): Wrong Interpretation of URL encoded characters, showing different punny code leads to redirection on different domain

Summary: There is wrong interpretation of URL encoded characters at https://twitter.com/safety/unsafelinkwarning endpoint which could lead to different location than what is supposed to. Although it shows warning but doesn't show warning about punny code characters. Description: On following...

AI score 6.9
Exploits 0
OSV
added 2019/07/03 5:15 p.m. · 3 views

CVE-2017-6900

An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to...

CVSS 9.8 · AI score 5.8 · EPSS 0.04492
Exploits 0 · References 2
Veracode
added 2019/07/01 7:31 a.m. · 44 views

Wrong And Predictable Encryption

github.com/golang/crypto is vulnerable to predictable encryption. In the keystream generation of more than 256 GiB in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa, it can first generate incorrect output and finally cycling back to the previously...

CVSS 5.9 · AI score 5.9 · EPSS 0.02086
Exploits 0 · References 12 · Affected Software 74