1915 matches found

OSV
added 2020/01/07 9:15 p.m. | 2 views

CVE-2019-14906

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages. SDL versions through 1.2.15 and 2.x through 2.0.9 have a heap-based buffer overflow flaw while copying an existing surface into a new optimized...

9.8 CVSS | 8.2 AI score | 0.0107 EPSS
Exploits 0 | References 1
Zero Day Initiative
added 2020/01/03 12:0 a.m. | 30 views

Cisco Data Center Network Manager serverinfo Hardcoded Password Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of web requests. The system contains a hard-cod...

7.5 CVSS | 1.3 AI score | 0.45999 EPSS
Exploits 5 | References 1
RedhatCVE
added 2019/12/27 9:29 a.m. | 26 views

CVE-2018-11237

A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code...

7.8 CVSS | 4.8 AI score | 0.00797 EPSS
Exploits 3 | References 1
CNVD
added 2019/12/25 12:0 a.m. | 1 views

2345 Accelerated Browser DLL Hijacking Vulnerability

2345 Accelerated Browser is a dual-core (Chromium and IE) browser promoted by Shanghai 2345 Network Technology Co. It has a DLL hijacking vulnerability, which attackers can exploit to load a malicious DLL and execute malicious code...

7.1 AI score
Exploits 0
Zero Day Initiative
added 2019/12/20 12:0 a.m. | 26 views

Docker docker-credential-helpers Double Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within docker-credential-helpers. Th...

7.8 CVSS | 3.3 AI score
Exploits 0
CNVD
added 2019/12/16 12:0 a.m. | 2 views

Microsoft SQL Server Reporting Services Cross-Site Scripting Vulnerability

Microsoft SQL Server Reporting Services is a server-based reporting platform. A cross-site scripting vulnerability exists in Microsoft SQL Server Reporting Services because the program fails to properly sanitize a specially crafted web request. A remote attacker could exploit the...

6.1 CVSS | 6.8 AI score | 0.01626 EPSS
Exploits 1 | References 1
Tenable Nessus
added 2019/12/12 12:0 a.m. | 50 views

Ubuntu 16.04 LTS / 18.04 LTS : Git vulnerabilities (USN-4220-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4220-1 advisory. Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to...

9.8 CVSS | 7.5 AI score | 0.2462 EPSS
Exploits 1 | References 10
CNVD
added 2019/12/11 12:0 a.m. | 1 views

Adobe Acrobat and Reader Buffer Overflow Vulnerability (CNVD-2019-45967)

Adobe Acrobat is PDF editing software developed by Adobe. Adobe Reader, also known as Acrobat Reader, is a PDF file reader developed by Adobe. Adobe Acrobat and Reader have a buffer overflow vulnerability that attackers can use to execute arbitrary code...

10 CVSS | 7.8 AI score | 0.03598 EPSS
Exploits 0 | References 1
Zero Day Initiative
added 2019/12/11 12:0 a.m. | 34 views

Microsoft Windows AppX Deployment Service Hard Link Escalation of Privilege Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppX Deploymen...

7 CVSS | 5.4 AI score | 0.00721 EPSS
Exploits 3 | References 1
OSV
added 2019/12/10 7:0 p.m. | 0 views

USN-4220-1 git vulnerabilities

Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory...

9.8 CVSS | 7.4 AI score | 0.2462 EPSS
Exploits 1 | References 10
CNVD
added 2019/12/09 12:0 a.m. | 2 views

Aviatrix VPN Client Privilege Handling Elevation of Privilege Vulnerability

Aviatrix VPN Client is a VPN (Virtual Private Network) client application that provides SAML authentication. A security vulnerability exists in Aviatrix VPN Client version 2.2.10 and earlier, which stems from the program assigning weak file permissions to the installation path. A local attacker can...

7.8 CVSS | 7.3 AI score | 0.00109 EPSS
Exploits 1 | References 1
CVE
added 2019/12/03 2:55 p.m. | 34 views

CVE-2019-4130

CVE-2019-4130 affects IBM Cloud Pak System 2.3 and 2.3.0.1, allowing a remote attacker to upload arbitrary files and potentially execute arbitrary code on the vulnerable server. The IBM Security Bulletin corroborates this issue and provides affected versions and recommended fixes. The remediation...

9 CVSS | 8.7 AI score | 0.01711 EPSS
Exploits 0 | References 2 | Affected Software 1
UbuntuCve
added 2019/11/29 3:15 p.m. | 42 views

CVE-2019-14901

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability ...

10 CVSS | 7.4 AI score | 0.0467 EPSS
Exploits 0 | References 11
CNVD
added 2019/11/28 12:0 a.m. | 1 views

Foxit PDF PC Client Software DLL Hijacking Vulnerability

Foxit PDF provides the same PDF rendering engine as Foxit Reader and the Foxit Fengyuan PDF electronic document processing suite, using the same underlying technology as Google Chrome's embedded PDF reader, which provides a fast and clear reading experience for a wide range of users. Foxit PDF PC...

7 AI score
Exploits 0
NVD
added 2019/11/20 2:15 a.m. | 6 views

CVE-2019-6186

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user...

8.8 CVSS | 8.7 AI score | 0.00568 EPSS
Exploits 0 | References 1
OSV
added 2019/11/13 2:15 p.m. | 14 views

CVE-2019-18397

A buffer overflow in the fribidi_get_par_embedding_levels_ex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

7.8 CVSS | 8.1 AI score | 0.00682 EPSS
Exploits 0 | References 10
Zero Day Initiative
added 2019/11/13 12:0 a.m. | 24 views

Microsoft Windows CreateXlateObject Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

8.8 CVSS | 5.3 AI score | 0.00504 EPSS
Exploits 0 | References 1
Zero Day Initiative
added 2019/11/13 12:0 a.m. | 18 views

Microsoft Windows InstallService Hard Link Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Microsoft Stor...

7.8 CVSS | 5.6 AI score | 0.00317 EPSS
Exploits 0 | References 1
Zero Day Initiative
added 2019/11/13 12:0 a.m. | 34 views

Microsoft Windows Kernel Type 1 Font Processing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling ...

8.4 CVSS | 2.9 AI score | 0.0064 EPSS
Exploits 0 | References 1
Microsoft CVE
added 2019/11/12 8:0 a.m. | 20 views

Windows Subsystem for Linux Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafte...

7.8 CVSS | 3.5 AI score | 0.00218 EPSS
Exploits 0