Monthly Archive: September 2019

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. Date published : 2019-09-23 https://www.debian.org/security/2020/dsa-4712 https://github.com/ImageMagick/ImageMagick/issues/1542

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. Date published : 2019-09-23 https://www.debian.org/security/2020/dsa-4712 https://github.com/ImageMagick/ImageMagick/issues/1528

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. Date published : 2019-09-23 https://github.com/ImageMagick/ImageMagick/issues/1531 http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.html

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. Date published : 2019-09-23 https://www.debian.org/security/2020/dsa-4712 https://github.com/ImageMagick/ImageMagick/issues/1531

Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. Date published : 2019-09-23 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2YOYFI36IWKABNGFTWXCH7TTGAFODH6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/24NTBHK2QNYKSBMJI34WEU5MHS3H2FAI/

kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php. Date published : 2019-09-23 https://github.com/wangyifani/kkcms/issues/1

Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a. Date published : 2019-09-23 https://github.com/libming/libming/issues/178

An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim’s mouth and throat via Bluetooth Low...

The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control. Date published : 2019-09-23 https://github.com/makandra/consul/issues/49 https://rubygems.org/gems/consul

An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and...

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1221. Date...

Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure...

A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka ‘Microsoft Defender Denial of Service Vulnerability’. Date published : 2019-09-23 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow...