In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112731440.
coders/tiff.c in ImageMagick before 220.127.116.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).