CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

CVE-2019-11713

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

CVE-2019-11713

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

CVE-2019-11714

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox 68...

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

CVE-2019-2769

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

CVE-2019-2774

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

CVE-2019-2791

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Audit Plug-in. Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

Oracle Solaris Critical Patch Update : jul2019_SRU11_4_8_5_0

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Sun Systems Products Suite component: Filesystem. Supported versions that are affected are 11.4 and 10. Easily exploitable vulnerability allows low...

Solaris 10 (x86) : 153061-01

Vulnerability in the Oracle Solaris product of Oracle Sun Systems Products Suite component: Common Desktop Environment. The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to...

MySQL -- Multiple vulerabilities

Oracle reports: This Critical Patch Update contains 45 new security fixes for Oracle MySQL. 4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

UBUNTU-CVE-2019-11714

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox 68...

Mozilla Firefox < 68.0

The version of Firefox installed on the remote Windows host is prior to 68.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-21 advisory. - Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such ...

CVE-2019-11713

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

CVE-2019-11714

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox 68...

Mozilla Firefox < 68.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 68.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-21 advisory. - Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to...

Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth

Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth ----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handlin...

Siemens SIPROTEC 5 and DIGSI 5 (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely; low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 5 and DIGSI 5 Vulnerabilities: Improper Input Validation 2 UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-190-05 Siemen...

Schneider Electric Zelio Soft 2

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Zelio Soft 2 Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution through the opening of a...

Mozilla: Type confusion in Array.pop

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...