In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c. Date published : 2020-07-16 https://github.com/LibreDWG/libredwg/commit/95cc9300430d35feb05b06a9badf678419463dbe https://github.com/LibreDWG/libredwg/issues/178
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec. Date published : 2020-07-16 https://github.com/LibreDWG/libredwg/commit/3b837bb72d6b9ab4d563faa211f90efc257e3c96 https://github.com/LibreDWG/libredwg/issues/178
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec. Date published : 2020-07-16 https://github.com/LibreDWG/libredwg/commit/3f503dd294efc63a59608d8a16058c41d44ba13a https://github.com/LibreDWG/libredwg/issues/178
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF. Date published : 2020-07-16 https://github.com/LibreDWG/libredwg/commit/b84c2cab55948a5ee70860779b2640913e3ee1ed https://github.com/LibreDWG/libredwg/issues/178
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop. Date published : 2020-07-16 https://github.com/LibreDWG/libredwg/commit/c6f6668b82bfe595899cc820279ac37bb9ef16f5 https://github.com/LibreDWG/libredwg/issues/178
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011. Date published : 2020-07-16 https://github.com/LibreDWG/libredwg/commit/f878ba67b638f0d5050b6dba61b9737f64fc53de https://github.com/LibreDWG/libredwg/issues/178
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec. Date published : 2020-07-16 https://github.com/LibreDWG/libredwg/commit/d7913b893bfa98fab27f05825dc4cab2d3a20c83 https://github.com/LibreDWG/libredwg/issues/178
Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. Date published : 2020-07-16 https://helpx.adobe.com/security/products/adm/apsb20-49.html
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary file system write. Date published : 2020-07-16 https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. Date published : 2020-07-16 https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. Date published : 2020-07-16 https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html