4310 matches found

NVD
added 2019/05/15 1:29 p.m. | 24 views

CVE-2019-11833

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem...

CVSS 5.5 | AI score 6.3 | EPSS 0.00645
Exploits: 0 | References: 22

Cvelist
added 2019/05/15 12:19 p.m. | 22 views

CVE-2019-11833

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem...

AI score 6.6 | EPSS 0.00645
Exploits: 0 | References: 22

UbuntuCve
added 2019/05/15 12:0 a.m. | 37 views

CVE-2019-11833

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem...

CVSS 5.5 | AI score 6.8 | EPSS 0.00645
Exploits: 0 | References: 10

RedHat Linux
added 2019/05/14 6:15 p.m. | 0 views

QEMU: device_tree: heap buffer overflow while loading device tree blob

A heap buffer overflow issue was found in the load_device_tree function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potential...

CVSS 9.8 | AI score 7.6 | EPSS 0.04428
Exploits: 0 | References: 4

OSV
added 2019/05/14 5:59 p.m. | 1 view

USN-3978-1 qemu update

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered...

CVSS 9.8 | AI score 6.9 | EPSS 0.04428
Exploits: 0 | References: 8

Friends Of PHP
added 2019/05/07 9:42 a.m. | 12 views

Information Disclosure in Page Tree

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-009...

AI score 7.2
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 2019/05/07 9:42 a.m. | 15 views

Information Disclosure in Page Tree

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-009...

AI score 7.2
Exploits: 0 | Affected Software: 1

Typo3
added 2019/05/07 12:0 a.m. | 17 views

Information Disclosure in Page Tree

It has been discovered that backend users without read access to specific pages could still see them in the page tree, which should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...

AI score 6.6
Exploits: 0 | Affected Software: 1

Veracode
added 2019/05/02 6:12 a.m. | 25 views

Denial Of Service (DoS)

Mozilla Firefox is vulnerable to a use-after-free vulnerability. This is possible with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. An attacker may exploit this issue to crash the affected application,...

CVSS 9.8 | AI score 9.1 | EPSS 0.02665
Exploits: 0 | References: 12 | Affected Software: 2

Veracode
added 2019/05/02 6:10 a.m. | 22 views

Memory Corruption

Firefox is vulnerable to memory corruption attacks. During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, crashing the application, which results in denial of service...

CVSS 9.8 | AI score 9.2 | EPSS 0.06681
Exploits: 3 | References: 17 | Affected Software: 2

RustSec
added 2019/04/27 12:0 p.m. | 17 views

Uncontrolled recursion leads to abort in HTML serialization

Affected versions of this crate did use recursion for serialization of HTML DOM trees. This allows an attacker to cause abort due to stack overflow by providing a pathologically nested input. The flaw was corrected by serializing the DOM tree iteratively instead...

CVSS 7.5 | AI score 3.8 | EPSS 0.01411
Exploits: 0 | Affected Software: 1

OSV
added 2019/04/27 12:0 p.m. | 28 views

RUSTSEC-2019-0001 Uncontrolled recursion leads to abort in HTML serialization

Affected versions of this crate did use recursion for serialization of HTML DOM trees. This allows an attacker to cause abort due to stack overflow by providing a pathologically nested input. The flaw was corrected by serializing the DOM tree iteratively instead...

CVSS 7.5 | AI score 7.5 | EPSS 0.01411
Exploits: 0 | References: 3

UbuntuCve
added 2019/04/23 10:29 p.m. | 45 views

CVE-2019-11486

The Siemens R3964 line discipline driver in drivers/tty/nr3964.c in the Linux kernel before 5.0.8 has multiple race conditions...

CVSS 7 | AI score 6.8 | EPSS 0.00366
Exploits: 0 | References: 2

Exploit DB
added 2019/04/16 12:0 a.m. | 84 views

Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation

Windows: CSRSS SxSSrv Cached Manifest EoP
Platform: Windows 10 1809, 1709
Class: Elevation of Privilege
Security Boundary per Windows Security Service Criteria: User boundary and others
Summary: The SxS manifest cache in CSRSS uses a weak key allowing an attacker to fill a cache entry for a syste...

AI score 7.4
Exploits: 0

CNVD
added 2019/04/12 12:0 a.m. | 1 view

SQL Injection Vulnerability in Ningbo Haishu Olive Tree Website Building System (CNVD-2019-13628)

Ningbo Haishu Olive Tree website builder is an enterprise website builder. SQL injection vulnerability exists in Ningbo Haishu Olive Tree website builder, which can be exploited by attackers to obtain sensitive information from the database...

AI score 7.7
Exploits: 0

CNVD
added 2019/04/12 12:0 a.m. | 1 view

SQL Injection Vulnerability in Ningbo Haishu Olive Tree Website Building System (CNVD-2019-13623)

Ningbo Haishu Olive Tree website builder is an enterprise website builder. SQL injection vulnerability exists in Ningbo Haishu Olive Tree website builder, which can be exploited by attackers to obtain sensitive information from the database...

AI score 7.7
Exploits: 0

OSV
added 2019/04/02 9:8 p.m. | 7 views

USN-3932-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18249) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadat...

CVSS 8.1 | AI score 7 | EPSS 0.16523
Exploits: 19 | References: 21

OSV
added 2019/03/21 4:1 p.m. | 1 view

DEBIAN-CVE-2019-8934

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest...

CVSS 3.3 | AI score 9.1 | EPSS 0.00597
Exploits: 1 | References: 1

OSV
added 2019/03/21 4:1 p.m. | 0 views

UBUNTU-CVE-2019-8934

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest...

CVSS 3.3 | AI score 6.7 | EPSS 0.00597
Exploits: 1 | References: 3

Cvelist
added 2019/03/17 7:11 p.m. | 23 views

CVE-2019-8934

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest...

AI score 3.8 | EPSS 0.00597
Exploits: 1 | References: 6