Ubuntu 16.04 LTS / 18.04 LTS : Git vulnerabilities (USN-4220-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4220-1 advisory. Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to...
Adobe Acrobat and Reader Buffer Overflow Vulnerability (CNVD-2019-45967)
Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader, also known as Acrobat Reader, is a PDF file reader developed by Adobe. Adobe Acrobat and Reader contain a buffer overflow vulnerability that attackers can use to execute arbitrary code...
Microsoft Windows AppX Deployment Service Hard Link Escalation of Privilege Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppX Deploymen...
USN-4220-1 git vulnerabilities
Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory...
Aviatrix VPN Client Privilege Handling Elevation of Privilege Vulnerability
Aviatrix VPN Client is a VPN (Virtual Private Network) client application that provides SAML authentication. A security vulnerability exists in Aviatrix VPN Client version 2.2.10 and earlier, which stems from the program assigning weak file permissions to the installation path. A local attacker can...
CVE-2019-4130
CVE-2019-4130 affects IBM Cloud Pak System 2.3 and 2.3.0.1, allowing a remote attacker to upload arbitrary files and potentially execute arbitrary code on the vulnerable server. The IBM Security Bulletin corroborates this issue and provides affected versions and recommended fixes. The remediation...
CVE-2019-14901
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability ...
Foxit PDF PC Client Software DLL Hijacking Vulnerability
Foxit PDF provides the same PDF rendering engine as Foxit Reader and Foxit Fengyuan PDF electronic document processing suite, using the same underlying technology as Google Chrome's embedded PDF reader, which provides a fast and clear reading experience for a wide range of users. Foxit PDF PC...
CVE-2019-6186
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user...
CVE-2019-18397
A buffer overflow in the fribidi_get_par_embedding_levels_ex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...
Microsoft Windows CreateXlateObject Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Microsoft Windows Kernel Type 1 Font Processing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling ...
Microsoft Windows InstallService Hard Link Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Microsoft Stor...
Windows Subsystem for Linux Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafte...
Google Android Library Buffer Overflow Vulnerability
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). A buffer overflow vulnerability exists in Google Android Library. An attacker can exploit the vulnerability to execute code...
F5 BIG-IP AFM SQL Injection Vulnerability
F5 BIG-IP AFM is an advanced firewall product for protection against DDoS attacks. F5 BIG-IP AFM suffers from a SQL injection vulnerability, which remote attackers can exploit by submitting a special SQL request to manipulate a database, obtain sensitive information or execute arbitrary code...
Ubuntu 16.04 LTS / 18.04 LTS : Whoopsie regression (USN-4170-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4170-2 advisory. USN-4170-1 fixed a vulnerability in Whoopsie. The update caused Whoopsie to crash when sending reports. This update fixes the problem. We apologize fo...
(0Day) Jenkins SOASTA CloudTest Cleartext Storage of Credentials Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins SOASTA CloudTest. Authentication is required to exploit this vulnerability. The specific flaw exists within the SOASTA CloudTest plugin. The issue results from storing credentials in...
Ubuntu 16.04 LTS / 18.04 LTS : Whoopsie vulnerability (USN-4170-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4170-1 advisory. Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of...
Oracle VirtualBox VMSVGA Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within t...