CVE-2019-2586
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: RemoteCall). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
CVE-2019-5755
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page...
UBUNTU-CVE-2019-5755
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page...
DEBIAN-CVE-2019-5755
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page...
chromium-browser: Heap buffer overflow in WebGL
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...
chromium-browser: Inappropriate implementation in V8
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page...
CVE-2018-15780
RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information...
Orange Livebox Information Disclosure Vulnerability
Orange Livebox is an ADSL (Asymmetric Digital Subscriber Line) modem. A security vulnerability exists in Orange Livebox version 00.96.320S. A remote attacker can exploit the vulnerability by sending a GET request to the /getgetnetworkconf.cgi URI to obtain the SSID and Wi-Fi password of the device...
DEBIAN-CVE-2018-18359
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...
DEBIAN-CVE-2018-3157
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Sound). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...
Microsoft SharePoint Enterprise Server Remote Elevation of Privilege Vulnerability (CNVD-2019-00965)
Microsoft SharePoint Enterprise Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. An...
UBUNTU-CVE-2018-6034
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...
UBUNTU-CVE-2018-6038
Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...
DEBIAN-CVE-2017-15422
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...
CVE-2018-15697
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ashhistory...
CVE-2018-2905
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is prior to 8.7.20. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromi...
PT-2018-2307
Name of the Vulnerable Software and Affected Versions: Sprockets versions 4.0.0.beta7 and lower; Sprockets versions 3.7.1 and lower; Sprockets versions 2.12.4 and lower. Description: The issue is related to errors in request processing, allowing a remote attacker to read files outside an application's...
Denial Of Service (DoS)
github.com/prometheus/prometheus is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to the lack of limit checks on the remote read endpoint, allowing a large amount of data to be written to the server's memory, causing a DoS attack...