A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition...
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on...
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on...
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device....
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. Date published : 2019-04-08 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/
In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. Date published :...
The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. Date published : 2019-04-08 https://github.com/saitoha/libsixel/issues/85 https://research.loginsoft.com/bugs/1501/
The agroot() function in cgraphobj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. Date published : 2019-04-08 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FI3D5TQE3IMCSF5OUTXQL4GVKFCIY5JG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLEAHLDJVMAEGA3YMC7KPKJ7ZPXNMJID/
applicationadmincontrollerUser.php in ThinkAdmin V4.0 does not prevent continued use of an administrator’s cookie-based credentials after a password change. Date published : 2019-04-08 https://github.com/zoujingli/ThinkAdmin/issues/173
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. Date published : 2019-04-08 https://elgg.org/blog/view/2913744/security-release-elgg-11218-and-2311 https://github.com/Elgg/Elgg/releases/tag/1.12.18
The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera...
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. Date published : 2019-04-08...
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file....
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other...