Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

CVE-2019-19527

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.

CVE
#ios#android#mac#apple#google#amazon#ubuntu#linux#git#intel#c++#perl#vmware#lenovo#amd#bios#buffer_overflow#alibaba#asus#samsung#huawei#auth#ibm#dell#sap#wifi#ssl
CVE-2019-19246: Heap buffer overflow in mb_eregi

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

CVE-2019-5029: TALOS-2019-0790 || Cisco Talos Intelligence Group

An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process.

CVE-2019-16294: Scintilla

SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.

CVE-2018-21012: CF7 Invisible reCAPTCHA

The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS.

CVE-2019-16120: Event Tickets and Registration

CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.

CVE-2019-16056: Issue 34155: [CVE-2019-16056] email.utils.parseaddr mistakenly parse an email

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

CVE-2019-15232

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

CVE-2016-10894: #830726 - xtrlock: CVE-2016-10894: xtrlock does not block multitouch events

xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).