Google Android NVIDIA Pixel C TrustZone Component Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevation of privilege vulnerability exists in the Google Android NVIDIA component Pixel C TrustZone. An attacker can exploit this vulnerability to elevate privileges and execu...

Memory Corruption

Mozilla Firefox is vulnerable to memory corruption. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

EulerOS 2.0 SP3 : libssh2 (EulerOS-SA-2019-1309)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who...

EulerOS 2.0 SP2 : libssh2 (EulerOS-SA-2019-1308)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who...

PT-2019-18333 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 9.4.1.16828 Description: This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious fil...

Foxit Reader AcroForm value Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

Lenovo Bootable Generator Code Issue Vulnerability

Lenovo Bootable Generator is a tool from Lenovo China for creating Linux diagnostics on a bootable USB. A security vulnerability exists in Lenovo Bootable Generator. A local attacker could exploit the vulnerability to execute code on the system...

Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool

Discovered by Tyler Bohan of Cisco Talos. Overview Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnerabilities were found ...

EulerOS Virtualization 2.5.4 : ghostscript (EulerOS-SA-2019-1209)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this...

GNU Wget Buffer Overflow Vulnerability

GNU Wget is a set of free software developed by the GNU Project for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A buffer overflow vulnerability exists in GNU Wget. An attacker could exploit the vulnerability to cause...

Cross site scripting

XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server...

CVE-2019-5524

VMware Workstation 14.x before 14.1.6 and Fusion 10.x before 10.1.6 contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host...

CVE-2019-5524

VMware Workstation 14.x before 14.1.6 and Fusion 10.x before 10.1.6 contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host...

CVE-2019-3817

A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code...

CVE-2019-3856

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ghostscript vulnerabilities (USN-3915-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3915-1 advisory. It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into...

Integer overflow

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

CVE-2019-3855

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

IBM DB2 Buffer Overflow Vulnerability (CNVD-2019-07254)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A buffer overflow vulnerability exists in IBM DB2 including: DB2 Connect Server based on Linux, UNIX a...

CVE-2019-4016

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894...