CVE-2019-11588

CVE-2019-11588 affects Atlassian Jira where the ViewSystemInfo.doGarbageCollection method is vulnerable to CSRF, allowing remote attackers to trigger garbage collection. Affected versions are Jira before 7.13.6; Jira 8.0.0–8.2.2; Jira 8.3.0–8.3.1. The issue is fixed in Jira 7.13.6, 8.2.3, and 8.3...

CVE-2019-11588

The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery CSRF vulnerability...

Design/Logic Flaw

A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected...

CVE-2019-3884

A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected...

PT-2019-16753 · Red Hat · Atomic-Openshift

Name of the Vulnerable Software and Affected Versions: atomic-openshift versions 3.6 through 4.1 Description: A flaw in the garbage collection mechanism allows an attacker to spoof the UUID of a valid object from another namespace, enabling them to delete children of those objects. Recommendation...

macOS iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles

macOS iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles While fuzzing JSC, I encountered the following JS program which crashes JSC from current HEAD and release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: // Run with --useConcurrentJIT=false...

CVE-2018-14866

Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that they do not own by making an RPC call before garbage collection occurs...

Improper access control

Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that they do not own by making an RPC call before garbage collection occurs...

UBUNTU-CVE-2019-5787

Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2019-5787

Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Apple macOS 10.14.5 iOS 12.3 DFG JIT Compiler - HasIndexedProperty Use-After-Free

Apple macOS 10.14.5 iOS 12.3 DFG JIT Compiler - HasIndexedProperty Use-After-Free See also https://bugs.chromium.org/p/project-zero/issues/detail?id=1699 for a similar issue. The DFG JIT compiler attempts to determine whether a DFG IR operation could cause garbage collection GC during its executi...

macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - HasIndexedProperty Use-After-Free Exploit

macOS 10.14.5 / iOS 12.3 DFG JIT Compiler - HasIndexedProperty Use-After-Free Exploit See also https://bugs.chromium.org/p/project-zero/issues/detail?id=1699 for a similar issue. The DFG JIT compiler attempts to determine whether a DFG IR operation could cause garbage collection GC during its...

Apple macOS &lt; 10.14.5 / iOS &lt; 12.3 DFG JIT Compiler - &#039;HasIndexedProperty&#039; Use-After-Free

See also https://bugs.chromium.org/p/project-zero/issues/detail?id=1699 for a similar issue. The DFG JIT compiler attempts to determine whether a DFG IR operation could cause garbage collection GC during its execution 1. With this, it is then possible for the compiler to determine whether there...

EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1480)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. ...

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 2.5 security and bug fix update

An update for ceph and grafana is now available for Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2019-3884

A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects...

[SECURITY] Fedora 29 Update: lua-5.3.5-3.fc29

Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...

January 22, 2019 — KB4481031 Cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019

January 22, 2019 — KB4481031 Cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019 Release Date: 01/22/2019Version: .NET Framework 3.5 and 4.7.2 Improvements and fixes This update includes quality improvements. No new operating system features are...

WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free Exploit

/ The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it's missing GetIndexedPropertyStorage that can cause a garbage collection via rope strings. As a result, it can lead to UaF. PoC: ...

WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free

WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free / The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it's missing GetIndexedPropertyStorage that can cause a garbage collectio...