CVE-2019-12439

bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations related to XDGRUNTIMEDIR, a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code...

CVE-2019-8352

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code ...

Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Acrobat and Reader Use After Free (APSB19-18: CVE-2019-7768)

A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Facebook WhatsApp Buffer Overflow Vulnerability

Facebook WhatsApp is a suite of mobile applications from the American company Facebook that utilize the web to deliver text messages. Facebook WhatsApp suffers from a buffer overflow vulnerability that allows remote attackers to exploit the vulnerability to submit a special request that can be us...

EulerOS Virtualization 2.5.3 : libssh2 (EulerOS-SA-2019-1362)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from th...

CVE-2019-11508

In Pulse Secure Pulse Connect Secure PCS before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker via the admin web interface can exploit Directory Traversal to execute arbitrary code on the appliance...

Google Android NVIDIA Pixel C TrustZone Component Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevation of privilege vulnerability exists in the Google Android NVIDIA component Pixel C TrustZone. An attacker can exploit this vulnerability to elevate privileges and execu...

Memory Corruption

Mozilla Firefox is vulnerable to memory corruption. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

EulerOS 2.0 SP3 : libssh2 (EulerOS-SA-2019-1309)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who...

EulerOS 2.0 SP2 : libssh2 (EulerOS-SA-2019-1308)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who...

Foxit Reader AcroForm value Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

PT-2019-18333 · Foxit · Foxit Reader

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 9.4.1.16828 Description: This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious fil...

Lenovo Bootable Generator Code Issue Vulnerability

Lenovo Bootable Generator is a tool from Lenovo China for creating Linux diagnostics on a bootable USB. A security vulnerability exists in Lenovo Bootable Generator. A local attacker could exploit the vulnerability to execute code on the system...

Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool

Discovered by Tyler Bohan of Cisco Talos. Overview Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnerabilities were found ...

EulerOS Virtualization 2.5.4 : ghostscript (EulerOS-SA-2019-1209)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this...

GNU Wget Buffer Overflow Vulnerability

GNU Wget is a set of free software developed by the GNU Project for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A buffer overflow vulnerability exists in GNU Wget. An attacker could exploit the vulnerability to cause...

Cross site scripting

XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server...

CVE-2019-5524

VMware Workstation 14.x before 14.1.6 and Fusion 10.x before 10.1.6 contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host...

CVE-2019-5524

VMware Workstation 14.x before 14.1.6 and Fusion 10.x before 10.1.6 contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host...