An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an …

Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 …

The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics. Source: NIST CVE-2019-19464

The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check. Source: NIST CVE-2019-19463

Zabbix before 5.0 represents passwords in the users table with unsalted MD5. Source: NIST CVE-2013-7484

relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. Source: NIST …

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text …

illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa …

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server’s private key by determining factors using …

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related …