3 matches found
CVE-2018-14404
The CVE-2018-14404 entry affects libxml2 (up to 2.9.8). It describes a NULL pointer dereference in xpath.c:xmlXPathCompOpEval() when parsing an invalid XPath expression in the XPATH_OP_AND/OR case, potentially causing a denial-of-service crash for applications processing untrusted XSL inputs. Pub...
CVE-2019-9971
The CVE-2019-9971 entry concerns PhoneSystem Terminal in 3CX Phone System (Debian-based installation) 16.0.0.1570. The issue is a privilege-escalation vulnerability where an attacker can gain root privileges by using sudo with the tcpdump command due to the -z (postrotate-command) option being un...
CVE-2019-9972
The CVE-2019-9972 issue affects 3CX Phone System (Debian-based) version 16.0.0.1570, where an authenticated attacker can run arbitrary commands as the phonesystem user due to mishandling of a local input pattern: " followed by ". The vulnerability is a command injection in the PhoneSystem Termina...