Monthly Archive: May 2019

Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system without...

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary...

MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component. Date published : 2019-05-08 http://packetstormsecurity.com/files/151725/Master-IP-CAM-01-3.3.4.2103-Remote-Command-Execution.html https://syrion.me/blog/

Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3)...

Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-based buffer overflow vulnerability that potentially allow arbitrary code execution Date published : 2019-05-08 http://www.securityfocus.com/bid/108284 https://support.kaspersky.com/vulnerability.aspx?el=12430#080519

An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due...

An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vulnerability. Date published : 2019-05-08...

In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with...

In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

In VisitPointers of heap.cc, there is a possible out-of-bounds read due to type confusion. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation....

In heap of spaces.h, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure when processing a proxy auto config file with no additional...

In tearDownClientInterface of WificondControl.java, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...

In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the Bluetooth service with no additional execution...