News aggregator

CVE-2019-17542

National Vulnerability Database - Sun, 10/13/2019 - 22:15
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
Categories: Security News

CVE-2019-17543

National Vulnerability Database - Sun, 10/13/2019 - 22:15
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.)
Categories: Security News

CVE-2019-17544

National Vulnerability Database - Sun, 10/13/2019 - 22:15
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.
Categories: Security News

CVE-2019-17537

National Vulnerability Database - Sun, 10/13/2019 - 15:15
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.
Categories: Security News

CVE-2019-17538

National Vulnerability Database - Sun, 10/13/2019 - 15:15
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.
Categories: Security News

CVE-2019-17535

National Vulnerability Database - Sun, 10/13/2019 - 14:15
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
Categories: Security News

CVE-2019-17536

National Vulnerability Database - Sun, 10/13/2019 - 14:15
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
Categories: Security News

CVE-2019-17533

National Vulnerability Database - Sat, 10/12/2019 - 22:15
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.
Categories: Security News

CVE-2019-17534

National Vulnerability Database - Sat, 10/12/2019 - 22:15
vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.
Categories: Security News

CVE-2019-17531

National Vulnerability Database - Sat, 10/12/2019 - 17:15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
Categories: Security News

CVE-2019-17532

National Vulnerability Database - Sat, 10/12/2019 - 17:15
An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs.
Categories: Security News

CVE-2019-17502

National Vulnerability Database - Sat, 10/12/2019 - 16:15
Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer.
Categories: Security News

CVE-2019-17528

National Vulnerability Database - Sat, 10/12/2019 - 16:15
An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp.
Categories: Security News

CVE-2019-17529

National Vulnerability Database - Sat, 10/12/2019 - 16:15
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.
Categories: Security News

CVE-2019-17530

National Vulnerability Database - Sat, 10/12/2019 - 16:15
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.
Categories: Security News

CVE-2019-17522

National Vulnerability Database - Sat, 10/12/2019 - 14:15
A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.1.
Categories: Security News

CVE-2019-17521

National Vulnerability Database - Sat, 10/12/2019 - 14:15
An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerability that can change the admin's password via the password/ URI,
Categories: Security News

CVE-2019-17514

National Vulnerability Database - Sat, 10/12/2019 - 09:15
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.
Categories: Security News

CVE-2017-18638

National Vulnerability Database - Fri, 10/11/2019 - 19:15
send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
Categories: Security News

CVE-2019-17176

National Vulnerability Database - Fri, 10/11/2019 - 17:15
Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter).
Categories: Security News

Pages