In numerous hand-crafted functions in libmpeg2, NEON registers are not preserved. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...
In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is...
In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check. This could lead to local escalation of privilege and FRP bypass with no additional execution...
Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter. Date published : 2019-04-19 https://github.com/mkucej/i-librarian/issues/138
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the...
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve...
TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework. Date published : 2019-04-19 https://forum.teamspeak.com/threads/139546-Release-TeamSpeak-3-Client-3-2-5 https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-004.md
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page. Date published : 2019-04-19 https://release-notes.cloudbees.com/release/21/8.18 https://github.com/binary1985/VulnerabilityDisclosure/blob/master/CloudBees%20Jenkins%20Operations%20Center%20Password%20Disclosure
data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked. Date published...
util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr...
An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary...
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and...
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. Date published :...
** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some...