CVE-2019-14444

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.

Source: CVE-2019-14444

CVE-2019-14386

cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).

Source: CVE-2019-14386

CVE-2019-14387

cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).

Source: CVE-2019-14387

CVE-2019-14388

cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).

Source: CVE-2019-14388

CVE-2019-14391

cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).

Source: CVE-2019-14391

CVE-2019-14389

cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).

Source: CVE-2019-14389

CVE-2019-14442

In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Source: CVE-2019-14442

CVE-2019-14441

An issue was discovered in Libav 12.3. An access violation allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. This is related to ff_mpa_synth_filter_float in avcodec/mpegaudiodsp_template.c.

Source: CVE-2019-14441

CVE-2019-14443

An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

Source: CVE-2019-14443

CVE-2019-14381

libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot.

Source: CVE-2019-14381