News aggregator

CVE-2019-14915

National Vulnerability Database - Fri, 09/20/2019 - 10:15
An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate.
Categories: Security News

CVE-2019-16531 (layerbb)

National Vulnerability Database - Thu, 09/19/2019 - 22:16
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
Categories: Security News

CVE-2019-9717 (libav)

National Vulnerability Database - Thu, 09/19/2019 - 17:15
In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
Categories: Security News

CVE-2019-9719 (libav)

National Vulnerability Database - Thu, 09/19/2019 - 17:15
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
Categories: Security News

CVE-2019-9720 (libav)

National Vulnerability Database - Thu, 09/19/2019 - 17:15
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
Categories: Security News

CVE-2019-16525 (checklist)

National Vulnerability Database - Thu, 09/19/2019 - 16:15
An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
Categories: Security News

CVE-2019-9619

National Vulnerability Database - Thu, 09/19/2019 - 16:15
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Categories: Security News

CVE-2019-14821 (enterprise_linux, linux_kernel)

National Vulnerability Database - Thu, 09/19/2019 - 14:15
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
Categories: Security News

CVE-2019-15032

National Vulnerability Database - Thu, 09/19/2019 - 13:15
Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information.
Categories: Security News

CVE-2019-15033

National Vulnerability Database - Thu, 09/19/2019 - 13:15
Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.
Categories: Security News

CVE-2019-16412 (n301_firmware)

National Vulnerability Database - Thu, 09/19/2019 - 12:15
In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.)
Categories: Security News

CVE-2019-16510 (libiec61850)

National Vulnerability Database - Thu, 09/19/2019 - 12:15
libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose.
Categories: Security News

CVE-2019-16511

National Vulnerability Database - Thu, 09/19/2019 - 12:15
An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path.
Categories: Security News

CVE-2019-14994

National Vulnerability Database - Thu, 09/19/2019 - 11:15
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
Categories: Security News

CVE-2019-15000

National Vulnerability Database - Thu, 09/19/2019 - 11:15
The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands.
Categories: Security News

CVE-2019-15001

National Vulnerability Database - Thu, 09/19/2019 - 11:15
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.
Categories: Security News

CVE-2019-16398

National Vulnerability Database - Thu, 09/19/2019 - 11:15
On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.
Categories: Security News

CVE-2019-11779

National Vulnerability Database - Thu, 09/19/2019 - 10:15
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.
Categories: Security News

CVE-2019-3689

National Vulnerability Database - Thu, 09/19/2019 - 10:15
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system if fs.protected_symlinks is not set
Categories: Security News

CVE-2019-6010

National Vulnerability Database - Thu, 09/19/2019 - 10:15
Integer overflow vulnerability in LINE(Android) from 4.4.0 to the version before 9.15.1 allows remote attackers to cause a denial of service (DoS) condition or execute arbitrary code via a specially crafted image.
Categories: Security News

Pages