There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. If the buffer is a view, the offset is added to the buffer twice before this is copied. This could allow memory off the heap to be read out of the source buffer, either though parsing exceptions or data sections when they are copied
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service (stack consumption and system crash) via a crafted application that leverages the mishandling of invalid Register Stack Engine (RSE) state.
memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information.
The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.
Remaining NVD entries (unprocessed / no code available): ~123577 :
Date
ID
Summary
Products
Score
Patch
2019-08-20
CVE-2019-11806
OX App Suite 7.10.1 and earlier has Insecure Permissions.
N/A
N/A
2019-08-20
CVE-2019-11522
OX App Suite 7.10.0 to 7.10.2 allows XSS.
N/A
N/A
2019-08-20
CVE-2019-11521
OX App Suite 7.10.1 allows Content Spoofing.
N/A
N/A
2019-08-20
CVE-2018-20975
Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.
N/A
N/A
2019-08-20
CVE-2019-12889
An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit. The attacker must disconnect the computer from the local network / WAN and connect it to an internet facing access point / network. At that point, the attacker can execute the password-reset functionality, which will...
N/A
N/A
2019-08-20
CVE-2019-15239
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in...
N/A
N/A
2019-08-20
CVE-2019-15227
FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions.