Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19740 PUBLISHED: 2019-12-12
Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.
CVE-2019-19746 PUBLISHED: 2019-12-12
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
CVE-2019-19748 PUBLISHED: 2019-12-12
The Work Time Calendar app before 4.7.1 for Jira allows XSS.
CVE-2017-18640 PUBLISHED: 2019-12-12
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CVE-2019-19726 PUBLISHED: 2019-12-12
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from th...