(CVE-2019-7123) Acrobat Reader DC 2d.x3d!_LoadRGB() Memory Corruption in TRGB::expandrow()

CVE: CVE-2019-7123
Tested Versions: Adobe Reader DC 2019.010.20064
Product URL(s): https://acrobat.adobe.com/us/en/acrobat.html, https://get.adobe.com/reader/

Description of the vulnerability: Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage files in Portable Document Format (PDF). It provides compatibility with the ECMA-363 Standard (Universal 3D File Format) via 3difr.x3d, 2d.x3d and rt3d.dll, which allow viewing embedded 3D content in PDF files....

April 9, 2019 · 5 min · Wei Lei

(CVE-2019-2722) Oracle VirtualBox e1000 Integer Underflow - Pwn2Own

CVE: CVE-2019-2722
Tested Versions: Oracle VirtualBox 5.2.28 and earlier; Oracle VirtualBox 6.0.6 and earlier
Product URL(s): https://virtualbox.org

VirtualBox is an x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. It is commercially supported by Oracle and is also available as open source software. It runs on various host platforms like Windows, Linux, Mac and Solaris and also supports a large number of guest operating systems....

March 20, 2019 · 5 min · Phạm Hồng Phi (@anhdaden)

(CVE-2019-9133) KMPlayer Subtitles Parser Integer Overflow Vulnerability

CVE: CVE-2019-9133
Tested Versions: KMPlayer 4.2.2.12 KMP Plus
Product URL(s): http://www.kmplayer.com/

Description of the vulnerability: K-Multimedia Player (KMPlayer) is a media player for Windows which can play a large number of formats including VCD, DVD, AVI, MKV, Ogg, OGM, 3GP, MPEG-1/2/4, AAC, WMA 7, 8, WMV, RealMedia, FLV and QuickTime. When processing .sup files, KMPlayer doesn’t check the Object size correctly, which leads to an integer overflow and then to an out-of-bounds memory read....

March 7, 2019 · 7 min · Phạm Hồng Phi (@anhdaden)

(CVE-2018-20334) ASUSWRT Command Injection in start_apply.htm

CVE: CVE-2018-20334
Tested Versions: ASUSWRT 3.0.0.4.384.20308 (2018/02/01)
Product URL(s): https://www.asus.com/us/ASUSWRT/

ASUSWRT is the firmware that is shipped with modern ASUS routers. ASUSWRT has a web-based interface, so it doesn’t need a separate app, or restrict what you can change via mobile devices – you get full access to everything, from any device that can run a web browser.

Vulnerability: There is a command injection issue in the processing of the POST data. By using this issue, an attacker can control the router....

February 19, 2019 · 1 min · Shi Ji (@Puzzorsj)

(CVE-2018-20335) ASUSWRT Denial of Service of HTTP Service

CVE: CVE-2018-20335
Tested Versions: ASUSWRT 3.0.0.4.384.20308 (2018/02/01)
Product URL(s): https://www.asus.com/us/ASUSWRT/

ASUSWRT is the firmware that is shipped with modern ASUS routers. ASUSWRT has a web-based interface, so it doesn’t need a separate app, or restrict what you can change via mobile devices – you get full access to everything, from any device that can run a web browser.

Vulnerability: An unauthenticated user can trigger a DoS (Denial of Service) of the httpd service in ASUSWRT....

February 19, 2019 · 1 min · Shi Ji (@Puzzorsj)

(CVE-2018-20336) ASUSWRT Stack Overflow in wanduck.c

CVE: CVE-2018-20336
Tested Versions: ASUSWRT 3.0.0.4.384.20308 (2018/02/01)
Product URL(s): https://www.asus.com/us/ASUSWRT/

ASUSWRT is the firmware that is shipped with modern ASUS routers. ASUSWRT has a web-based interface, so it doesn’t need a separate app, or restrict what you can change via mobile devices – you get full access to everything, from any device that can run a web browser.

Vulnerability: There is a stack overflow issue in the parse_req_queries function in wanduck.c, which may lead to an information leak....

February 19, 2019 · 5 min · Shi Ji (@Puzzorsj)

(CVE-2019-16340) Linksys Velop Authentication Bypass

CVE: CVE-2019-16340
Tested Versions: Linksys Velop 1.1.2.185309
Product URL(s): https://www.linksys.com/us/velop/

Velop is a Whole Home Mesh Wi-Fi system from Linksys. It allows users to enjoy fast, nonstop Wi-Fi everywhere with Velop’s modular easy-to-use Wi-Fi Mesh system. There are three categories from their official site: WHW0303, WHW0302, WHW0301. The difference between these three is the pack count: 1, 2 or 3. The system is the same.

Vulnerability: There are many information leak problems; one of them is through /sysinfo_json....

February 19, 2019 · 3 min · Shi Ji (@Puzzorsj)