CVE-2019-11836
The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for Android has cleartext mail content in file storage, persisting after a logout.
Source: CVE-2019-11836
[월:] 2019년 05월
CVE-2019-11820
CVE-2019-11820
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.
Source: CVE-2019-11820
CVE-2019-11834
CVE-2019-11834
cJSON before 1.7.11 allows out-of-bounds access, related to x00 in a string literal.
Source: CVE-2019-11834
CVE-2019-11835
CVE-2019-11835
cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.
Source: CVE-2019-11835
CVE-2019-11832
CVE-2019-11832
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
Source: CVE-2019-11832
CVE-2019-11831
CVE-2019-11831
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
Source: CVE-2019-11831
CVE-2019-11830
CVE-2019-11830
PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism.
Source: CVE-2019-11830
CVE-2019-7442
CVE-2019-7442
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
Source: CVE-2019-7442
CVE-2019-9698
CVE-2019-9698
Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system without elevated privileges.
Source: CVE-2019-9698
CVE-2019-11494
CVE-2019-11494
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.
Source: CVE-2019-11494