9454 matches found

Symantec
added 2019/12/10 12:0 a.m. | 45 views

Microsoft Git for Visual Studio CVE-2019-1354 Remote Code Execution Vulnerability

Description: Microsoft Git for Visual Studio is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...

EPSS 0.19687
Exploits: 0 | Affected Software: 1
Talos
added 2019/12/10 12:0 a.m. | 48 views

Microsoft Remote Desktop Services (RDP8) license negotiation denial-of-service vulnerability

Summary: An exploitable denial-of-service vulnerability exists in the RDP8 implementation of Microsoft’s Remote Desktop Services. A certain component of license negotiation can allow a remote client to read an amount of memory that is controlled by the client. Due to this, a client can coerce the...

CVSS 7.5 | AI score 8.2 | EPSS 0.10033
Exploits: 0
ICS
added 2019/12/10 12:0 a.m. | 53 views

Siemens and PKE SiNVR, SiVMS Video Server (Update A)

1. EXECUTIVE SUMMARY (Begin Update A Part 1 of 6). CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendors: Siemens and PKE. Equipment: SiNVR, SiVMS Video Servers. Vulnerabilities: Missing Authentication for Critical Function, Weak Cryptography for Passwords...

CVSS 9.9 | AI score 7.6 | EPSS 0.00718
Exploits: 0 | References: 5
Tenable Nessus
added 2019/12/06 12:0 a.m. | 52 views

Mozilla Firefox ESR < 68.3

The version of Firefox ESR installed on the remote Windows host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-37 advisory. - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith...

CVSS 8.8 | AI score 7.8 | EPSS 0.02469
Exploits: 3 | References: 9
Tenable Nessus
added 2019/12/06 12:0 a.m. | 63 views

Mozilla Firefox < 71.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 71.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-36 advisory. - Mozilla developers and community members Philipp, Diego Calleja, Mikhail Gavrilov, Jason Kratzer, Christian...

CVSS 8.8 | AI score 7.7 | EPSS 0.02469
Exploits: 4 | References: 12
Tenable Nessus
added 2019/12/06 12:0 a.m. | 43 views

Mozilla Firefox ESR < 68.3

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-37 advisory. - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson...

CVSS 8.8 | AI score 7.8 | EPSS 0.02469
Exploits: 3 | References: 9
NVD
added 2019/12/05 6:15 p.m. | 9 views

CVE-2019-5098

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be...

CVSS 8.6 | AI score 8.3 | EPSS 0.0057
Exploits: 1 | References: 1
RedHat Linux
added 2019/12/05 4:33 p.m. | 3 views

Mozilla: Buffer overflow in plain text serializer

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVSS 8.8 | AI score 7.4 | EPSS 0.02469
Exploits: 1 | References: 5
Qualys Blog
added 2019/12/05 2:34 a.m. | 122 views

OpenBSD Multiple Authentication Vulnerabilities

Multiple authentication vulnerabilities in OpenBSD have been disclosed by Qualys Research Labs. The vulnerabilities are assigned following CVEs: CVE-2019-19522, CVE-2019-19521, CVE-2019-19520, CVE-2019-19519. OpenBSD developers have confirmed the vulnerabilities and also provided a quick response...

CVSS 7.5 | AI score 0.7 | EPSS 0.02229
Exploits: 8
RedhatCVE
added 2019/12/04 12:48 a.m. | 36 views

CVE-2019-17011

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVSS 7.5 | AI score 3.1 | EPSS 0.01141
Exploits: 1 | References: 4
RedhatCVE
added 2019/12/04 12:48 a.m. | 48 views

CVE-2019-17005

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVSS 8.8 | AI score 2.2 | EPSS 0.02469
Exploits: 1 | References: 4
RedhatCVE
added 2019/12/04 12:47 a.m. | 30 views

CVE-2019-17008

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVSS 8.8 | AI score 3.6 | EPSS 0.00866
Exploits: 0 | References: 4
UbuntuCve
added 2019/12/04 12:0 a.m. | 28 views

CVE-2019-17005

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVSS 8.8 | AI score 7.2 | EPSS 0.02469
Exploits: 1 | References: 8
UbuntuCve
added 2019/12/04 12:0 a.m. | 31 views

CVE-2019-17008

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVSS 8.8 | AI score 7.2 | EPSS 0.00866
Exploits: 0 | References: 8
UbuntuCve
added 2019/12/04 12:0 a.m. | 41 views

CVE-2019-17010

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVSS 7.5 | AI score 7.1 | EPSS 0.01141
Exploits: 1 | References: 8
UbuntuCve
added 2019/12/04 12:0 a.m. | 34 views

CVE-2019-17011

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird 68.3, Firefox ESR 68.3, and Firefox 71...

CVSS 7.5 | AI score 7.1 | EPSS 0.01141
Exploits: 1 | References: 8
NVD
added 2019/12/03 10:15 p.m. | 11 views

CVE-2019-5133

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the...

CVSS 9.8 | AI score 9.3 | EPSS 0.01713
Exploits: 0 | References: 1
NVD
added 2019/12/03 10:15 p.m. | 10 views

CVE-2019-5132

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim...

CVSS 9.8 | AI score 9.3 | EPSS 0.02248
Exploits: 1 | References: 1
NVD
added 2019/12/03 10:15 p.m. | 9 views

CVE-2019-5164

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger...

CVSS 7.8 | AI score 7.8 | EPSS 0.00429
Exploits: 1 | References: 3
OSV
added 2019/12/03 10:15 p.m. | 19 views

CVE-2019-5164

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger...

CVSS 7.8 | AI score 7.3
Exploits: 0 | References: 3