Recent vulnerabilities and exploits

7.5
CVSSv2
CVE-2018-19185

An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector....

Mz-automationLibiec61850
4.3
CVSSv2
CVE-2018-19122

An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c....

Mz-automationLibiec61850
5
CVSSv2
CVE-2018-18937

An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in ClientDataSet_getValues in client/ied_connection.c....

Mz-automationLibiec61850
4.3
CVSSv2
CVE-2018-19121

An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c....

Mz-automationLibiec61850
5
CVSSv2
CVE-2018-19093

** DISPUTED ** An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program....

Mz-automationLibiec61850
NA
CVE-2019-17093

Avast Antivirus / AVG Antivirus - DLL Preloading into PPL and Potential Abuses...

7.2
CVSSv2
CVE-2017-11176

The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other...

DebianDebian LinuxLinuxLinux Kernel
NA
CVE-2015-9501

The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root....

NA
CVE-2019-16971

In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS....

NA
CVE-2019-16973

In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS....