Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2019-18960: security - CVE-2019-18960: Firecracker v0.18.0 and v0.19.0 vsock buffer overflow

Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.

CVE
#web#mac#windows#amazon#linux#git#php#rce#buffer_overflow#auth
CVE-2019-5132: TALOS-2019-0921 || Cisco Talos Intelligence Group

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

CVE-2019-5133: TALOS-2019-0922 || Cisco Talos Intelligence Group

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

CVE-2019-5076: TALOS-2019-0865 || Cisco Talos Intelligence Group

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the viction to trigger the vulnerability.

CVE-2019-5083: TALOS-2019-0875 || Cisco Talos Intelligence Group

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

CVE-2019-19126: 25204 – (CVE-2019-19126) LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126)

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

CVE-2018-4031: TALOS-2018-0703 || Cisco Talos Intelligence Group

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability.

CVE-2019-16278

Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.

CVE-2019-1584: CVE-2019-1584 Remote Command Injection in Zingbox Inspector

A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint.