Security Pros Value Disclosure … Sometimes

0
Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2019-9717
PUBLISHED: 2019-09-19

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.

CVE-2019-9719
PUBLISHED: 2019-09-19

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.

CVE-2019-9720
PUBLISHED: 2019-09-19

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.

CVE-2019-16525
PUBLISHED: 2019-09-19

An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.

CVE-2019-9619
PUBLISHED: 2019-09-19

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Read More HERE

0

Leave a Reply