The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Date published : 2019-03-17 https://bugs.chromium.org/p/project-zero/issues/detail?id=1760 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with...
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. Date published : 2019-03-17 https://www.exploit-db.com/exploits/46253/ http://packetstormsecurity.com/files/151372/AirTies-Air5341-Modem-1.0.0.12-Cross-Site-Request-Forgery.html
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. Date published : 2019-03-17 http://www.securityfocus.com/bid/106758 https://seclists.org/bugtraq/2019/May/76
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end...
An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the...
The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier. Date published : 2019-03-17 http://seclists.org/fulldisclosure/2019/Feb/21 http://packetstormsecurity.com/files/151524/Qkr-With-MasterPass-Man-In-The-Middle.html
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted....
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. Date published : 2019-03-17 https://security.netapp.com/advisory/ntap-20190411-0006/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this...
A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server. Date published : 2019-03-17 https://hackerone.com/reports/358645
A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server. Date published : 2019-03-17 https://hackerone.com/reports/334837
A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to. Date published...
If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port...