DEBIAN-CVE-2019-18397

A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

Nextcloud: SSRF protection bypass

CVSS ---- High 7.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Description ----------- The filter which protects Nextcloud from SSRF can be bypassed using IPv6/IPv4 address embedding. SSRF protection is for example used in the calendar or dav apps. Successful exploitation of the issue will allow...

Microsoft Office Excel Security Feature Bypass

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The security feature bypass by itself does not allow arbitrary code execution. To successfully exploit the vulnerability, an attacker would have to embed a control in ...

fribidi Buffer Overflow Vulnerability

fribidi is an open source implementation of a bi-directional Unicode algorithm. A buffer overflow vulnerability exists in the 'fribidigetparembeddinglevelsex' function in the lib/fribidi-bidi.c file in fribidi versions 1.0.0 through 1.0.7, which can be exploited by an attacker to to cause a buffe...

UBUNTU-CVE-2019-18397

A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow

A buffer overflow flaw was found in Gnome Pango. When invalid utf-8 strings are passed to functions, a heap-based buffer overflow can occur that could lead to code execution. The highest threat from this vulnerability is data confidentiality and integrity as well as system availability...

The vulnerability of the Content Security Policy component in the Firefox browser allows attackers to execute cross-site scripting attacks.

The vulnerability of the Content Security Policy component in the Firefox browser arises from the possibility of embedding HTML code. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

New Relic: Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF

Hey team, I've discovered an improper user-input filtration issue at charts embedding herald.service.newrelic.com leading to both cross-account stored XSS and SSRF. There is an action Get chart link for some charts for instance, for the ones located at Mobile - Overview. F600887 After user clicks...

Deep learning rises: New methods for detecting malicious PowerShell

Scientific and technological advancements in deep learning, a category of algorithms within the larger framework of machine learning, provide new opportunities for development of state-of-the art protection technologies. Deep learning methods are impressively outperforming traditional methods on...

pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow

A buffer overflow flaw was found in Gnome Pango. When invalid utf-8 strings are passed to functions, a heap-based buffer overflow can occur that could lead to code execution. The highest threat from this vulnerability is data confidentiality and integrity as well as system availability...

The vulnerability of the pango_log2vis_get_embedding_levels function in the Pango library allows a hacker to execute arbitrary code.

The vulnerability of the pangolog2visgetembeddinglevels function in the Pango library is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

Gnome Pango Buffer Overflow Vulnerability

Pango is an internationalized text layout and rendering library. A heap buffer overflow vulnerability exists in the pangolog2visgetembeddinglevels function in Gnome Pango 1.42 and later, which can be exploited by an attacker to execute code...

ALPINE-CVE-2019-1010238

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...

Infogram: Bypass for blind SSRF #281950 and #287496

Hello, when checking these 2 reports 281950 and 287496 i found that it can be bypassed using IPv6/IPv4 Address Embedding Steps to reproduce: 1-access this link https://infogram.com/api/webresource/url?q=http://0:0:0:0:0:ffff:127.0.0.1 POC: F528736 Refrences:...

The vulnerability of the OLE component of the Windows operating system, related to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the OLE component in the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

Design/Logic Flaw

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

PT-2019-16884 · Ibm · Ibm Sterling B2B Integrator Standard Edition

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.0.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...

abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +360 more potentially affected by CVE-2018-10055 via tensorflow (>=1.0.1 <=1.7.0)

tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.3.1, =0.1.0, =0.4.2, =0.1.0, =0.4.0, =0.1.0, =0.3.1 and more Source cves: CVE-2018-10055 Source advisory: OSV:PYSEC-2019-204...

Steganography in the Modern Attack Landscape

Steganography the hiding of data in other content types such as images, videos, network traffic etc. continues to play a role in modern attacks in several forms. Most uses of steganography in malware can be divided into two broad categories: concealing the actual malware contents and concealing t...

USN-3940-1 clamav vulnerabilities

It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2019-1787 It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote...