XNU suffers from a use-after-free vulnerability due to a stale pointer left by in6_pcbdetach.
bef8d392354ac6f32aad2cc335619acb48b545689c0c72e1a05e0b745d672e69
Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.
9c8b27fd5dc694419a2e1fe2acaec09a3a3748cecd6c755d74306abf2fa147f4
JSC DFG's doesGC() is incorrect about the HasIndexedProperty operation's behavior on StringObjects.
14a279bae66e49056c0e4b2a9091c3240e0fe8851027046cca926102cea4471b
Revive Adserver versions prior to 4.2.1 make use of a cryptographically weak pseudo-random number generator.
feabf4f5898a355332369c41662b3e060d381adec2eedf985f89fc2676ad6cbd
Darktrace Enterprise Immune System versions 3.0.9 and 3.0.10 contain multiple cross site request forgery vulnerabilities. It is highly likely that older versions are affected as well, but this has not been confirmed. An attacker can whitelist domains and/or change core Darktrace configuration.
9244da60cca6bb20e28c6e48071ebae23a77caa73e171e154cefdeb20273d3b2
WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities and various other issues that can lead to code execution. Multiple versions are affected.
fc77f6adb81f44a3ceb47bcf986c7857a13278c42b77786d3bf874042831015c
Ubuntu Security Notice 3991-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user into launching local executable binaries, obtain sensitive information, conduct cross-site scripting attacks, or execute arbitrary code. Various other issues were also addressed.
28909dfaec423e05f4608eb048743996392be70b8be76c266a132e15a974d78b
Red Hat Security Advisory 2019-1258-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
d734ef64d7114739cff19f38271902146dcd30ed2009404fec5ebeeed3280b4c
Ubuntu Security Notice 3989-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
f48db585c7142fafe34c9d53c8235891a172ee735429b190c47490cd53eb7fbc
Ubuntu Security Notice 3990-1 - It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handling cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.
e9666cdd7eef3aca2bd5ffd29ff63c88a8467a370952dab56c248b7ca926192c
XNU suffers from a wild-read (and possible corruption) due to bad cast in stf_ioctl.
470329e1920caa904f96f74e15916983bba7d0ee716d7e801ef03849690a1b83
The Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.
36e4c1600341712dd48481dde14154b5ae9680dbb41cdfae332f3ee20e766b99
JavaScriptCore loop-invariant code motion (LICM) in DFG JIT leaves a stack variable uninitialized.
27425be0903bc29c98b9ac1f8d97a7534299a0640fd9a7853018e50fa5fb5df7
JavaScriptCore AIR optimization incorrectly removes assignment to register.
a8dd00ac9f2bcbdc2b915ee79af5769a43a82c3045a988444400a182ce34eb0c
Security controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective as they could be bypassed by malicious scripts via writing their own process memory on the Linux platform. Proof of concept code included.
a746a7f8973556b23ebea90b00627034fee20f44dce632fd39f31dcfa7483ceb
TP-LINK TL-WR840N version 5 00000005 suffers from a cross site scripting vulnerability.
a11b501e0ca68dec43b81d1cbd9152aec8a3c7436b00004f6fe250babf55e01d
Slims CMS Akasia version 8.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
4214105bec24dd8de4da917230c4a1eb81bb27639dfc0b3c239fc9801fd2cf9d
Oracle CTI Web Service suffers from an EBS_ASSET_HISTORY_OPERATIONS XML external entity injection vulnerability.
cda98533fdac9fe852556086612072f1c122e32dea247ebc2f590443ae0555c1
Deluge version 1.3.15 Webseeds and URL proof of concept denial of service exploits.
b5af7f8f26e18961391bc3b4880efbdc7eb0942385c5db2600b78c2a2264d529
Moodle Jmol Filter version 6.1 suffers from cross site scripting and directory traversal vulnerabilities.
61f9bd2a7db5f843341800c1aa432ed81b532f7d01f6079f603fc9eba4fca0bc
WordPress WPGraphQL plugin version 0.2.3 suffers from authentication bypass and information disclosure vulnerabilities.
2b49e0c2c98c7c506e6cabed55704b5bd7076662885a13895160d71dc5717cf7