1963 matches found
The vulnerability of the String#unpack method in the Ruby programming language allows attackers to exploit it to disclose protected information.
The vulnerability of the String#unpack method in the Ruby programming language is related to the use of uncontrolled format strings. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information that is protected by this method...
The vulnerability of Google Chrome’s WebAudio component allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of Google Chrome’s WebAudio component relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of the protected information through a specially created HTML page...
The vulnerability of Microsoft Office packages, related to errors in information presentation by the user interface, allows an intruder to gain unauthorized access to protected information.
The vulnerability of Microsoft Office packages is related to errors in information representation by the user interface. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information using a specially crafted file...
The vulnerability of Google Chrome’s ServiceWorker script allows a hacker to gain unauthorized access to protected information.
The vulnerability of Google Chrome’s ServiceWorker script relates to the ability for “ServiceWorker” to periodically send an activation event to itself. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability in the implementation of the FileSessionDataStore class for the Jetty HTTP server allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the FileSessionDataStore class implementation in the Jetty HTTP server is related to a configuration error in J2EE. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information by managing sessions using the...
The vulnerability of the Apache Thrift interface description language in Node.js allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Apache Thrift interface description language in Node.js lies in the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Secure/Multipurpose Internet Mail Extensions (S/MIME) encryption function in the Thunderbird email client allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Secure/Multipurpose Internet Mail Extensions (S/MIME) function in the Thunderbird email client is related to the lack of protection for service data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected...
The vulnerability of the Microsoft SharePoint Enterprise Server software and the Microsoft SharePoint Foundation email messaging software lies in its ability to allow unlimited download of files of a dangerous type, enabling an intruder to gain unauthorized access to protected information.
The vulnerability of the Microsoft SharePoint Enterprise Server software and the Microsoft SharePoint Foundation email messaging software is related to the unlimited download of sensitive files. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...
The vulnerability of Google Chrome, related to the insecure processing of credit card data during autofilling, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Google Chrome relates to the insecure processing of credit card data during automatic filling. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially created HTML page...
The vulnerability in the implementation of the WebRTC technology in Google Chrome browser allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the WebRTC technology implemented in Google Chrome browser is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information through a specially created fi...
USN-4200-1 redmine vulnerabilities
It was discovered that Redmine incorrectly handled certain inputs that could cause textile formatting errors. An attacker could possibly use this issue to cause an XSS attack. (CVE-2019-17427) It was discovered that an SQL injection could allow users to access protected information via a crafted obje...
The vulnerability of child FPM processes in the PHP interpreter allows attackers to bypass access control in OpCache and gain unauthorized access to protected information.
The vulnerability of child FPM processes in the PHP interpreter is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker to bypass OpCache access controls and gain unauthorized access to protected information...
The vulnerability of the Internal Operations component of the Oracle Retail Xstore Payment software allows a perpetrator to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Internal Operations component of the Oracle Retail Xstore Payment software is related to access control deficiencies. Exploitation of this vulnerability could allow an attacker operating remotely to modify, add, or delete data, or gain unauthorized access to protected information usi...
The vulnerability of the Intel Active Management Technology (AMT) firmware, related to insufficient validation of input data, allows attackers to disclose protected information.
The vulnerability of the Intel Active Management Technology (AMT) firmware is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
The vulnerability of the firmware of Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE), and Intel Dynamic Application Loader (DAL) arises from insufficient validation of input data, allowing attackers to disclose protected information.
The vulnerability of the firmware of Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE), and Intel Dynamic Application Loader (DAL) is related to insufficient verification of input data. Exploiting this vulnerability can allow attackers to disclose...
The vulnerability of the ParseJSS component in the VideoLAN VLC media player software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the ParseJSS component in the VideoLAN VLC media player software arises from reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created file...
DEBIAN-CVE-2019-18890
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query...
The vulnerability of the “INSERT ... ON CONFLICT DO UPDATE” command implementation in the PostgreSQL database management system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the “INSERT ... ON CONFLICT DO UPDATE” command in the PostgreSQL database management system is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the fork() function in the OpenSSL library allows a hacker to gain unauthorized access to protected information.
The vulnerability of the fork() function in the OpenSSL library is related to the use of insufficiently random values. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to protected information...
The vulnerability of the CMS_decrypt and PKCS7_decrypt functions (cms_env.c, cms_smime.c, and pk7_doit.c) in the OpenSSL library, related to deficiencies in the secret data encryption mechanism, allows attackers to gain unauthorized access to protected information.
The vulnerability of the CMS_decrypt and PKCS7_decrypt functions (cms_env.c, cms_smime.c, and pk7_doit.c) in the OpenSSL library is related to deficiencies in the encryption mechanism for confidential data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized...