In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. Date published : 2019-02-18 http://www.securityfocus.com/bid/107063 http://patchwork.ozlabs.org/patch/1042902/
An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code). Date published : 2019-02-18 https://github.com/taosir/wtcms/issues/5
An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF. Date published : 2019-02-18 https://github.com/taosir/wtcms/issues/5
An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image. Date published : 2019-02-18 https://github.com/taosir/wtcms/issues/6
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file,...
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. Date published : 2019-02-18 https://bugs.astron.com/view.php?id=65 https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. Date published : 2019-02-18 https://support.apple.com/kb/HT209599 https://support.apple.com/kb/HT209600
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. Date published : 2019-02-18 http://www.securityfocus.com/bid/107137 https://bugs.astron.com/view.php?id=63
do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. Date published : 2019-02-18 http://www.securityfocus.com/bid/107130 https://bugs.astron.com/view.php?id=62
index.js in Total.js Platform before 3.2.3 allows path traversal. Date published : 2019-02-18 https://blog.certimetergroup.com/it/articolo/security/total.js-directory-traversal-cve-2019-8903 https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users’ articles via the public/api.php?app=user URI. Date published : 2019-02-18 https://github.com/idreamsoft/iCMS/issues/56
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because...
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client. Date published : 2019-02-18 https://tintin.sourceforge.io/forum/viewtopic.php?f=1&t=2584&sid=31b77bb001faea9269bf224280960e29#p10505 https://tintin.sourceforge.io/news.php
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname....