Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

CVE-2019-15046: ServiceDesk Plus readme | Service desk release notes | ServiceDesk Plus latest version read me notes | IT service management release notes | Service desk current version

Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.

CVE
Open in Source
#sql#xss#csrf#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#ubuntu#linux#debian#cisco#red_hat#dos#redis#js#git#java#oracle
CVE-2019-10163: PowerDNS Authoritative Server 4.0.8 and 4.1.10 Released

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.

CVE-2019-14370: heap-buffer-overflow in Exiv2::MrwImage::readMetadata() · Issue #954 · Exiv2/exiv2

In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service.

CVE-2019-14369: AddressSanitizer: heap-buffer-overflow in PngImage::readMetadata() pngimage.cpp:438 · Issue #953 · Exiv2/exiv2

Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file.

CVE-2019-1010238: USN-4081-1: Pango vulnerability | Ubuntu security notices | Ubuntu

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.

CVE-2019-1010247: Release release 2.3.10.2 · OpenIDC/mod_auth_openidc

ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2.

CVE-2019-13590: SoX - Sound eXchange / Bugs

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

CVE-2019-13132: USN-4050-1: ZeroMQ vulnerability | Ubuntu security notices | Ubuntu

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.

CVE-2019-13302: heap-buffer-overflow in MagickCore/fourier.c:305:45 in ComplexImages · Issue #1597 · ImageMagick/ImageMagick

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages.

CVE-2019-13311: memory leaks is detected at AcquireMagickMemory · Issue #1623 · ImageMagick/ImageMagick

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.