CVE-2019-17021

During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR 68.4 and Firefo...

CVE-2019-17015

During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR...

(0Day) Microsoft Outlook HTML Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Outlook. User interaction is required to exploit this vulnerability in that the target must open an email. The specific flaw exists within the handling of HTML. The issue results fr...

Updated xpdf packages fix security vulnerability

The updated packages fix a security vulnerability: Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. CVE-2019-17064...

Design/Logic Flaw

hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json...

CVE-2019-8629

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges...

CVE-2019-8552

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to elevate privileges...

CVE-2019-8540

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout...

CVE-2019-8504

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be able to read kernel memory...

CVE-2019-8540

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout...

CVE-2019-8552

CVE-2019-8552 is an Apple memory-init issue that is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, and watchOS 5.2. The vulnerability could allow a malicious application to elevate privileges due to improved memory handling. Affected products are iOS, macOS Mojave, tvOS, and watchOS as liste...

CVE-2019-8552

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to elevate privileges...

CVE-2019-8540

CVE-2019-8540 describes a memory initialization issue that could allow a malicious app to determine kernel memory layout. The issue is fixed in Apple platforms as follows: iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, and watchOS 5.2. The root cause is a memory initialization problem related to impr...

CVE-2019-8504

CVE-2019-8504 is an Apple memory initialization issue affecting the IOKit/kernel memory handling. The vulnerability could allow a local user to read kernel memory. The issue is addressed in official Apple advisories with patches in iOS 12.2 and macOS Mojave 10.14.4; multiple connected sources con...

ManageEngine Desktop Central - FileStorage getChartImage Deserialization Unauthenticated Remote Code Execution

ManageEngine Desktop Central - FileStorage getChartImage Deserialization Unauthenticated Remote Code Execution !/usr/bin/python3 """ ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability Download:...

Apple macOS fseventsd Uninitialized Buffer Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the fseventsd...

October 15, 2019-KB4519562 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 and Windows Server 2016

October 15, 2019-KB4519562 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 and Windows Server 2016 Release Date: October 15, 2019 Version: .NET Framework 4.8 The October 15, 2019 update for Windows 10 Version 1607 and Windows Server 2016 includes cumulative reliability...

GHSA-H7QW-MXRM-C6H2 Unauthenticated crypto and weak IV in Magento\Framework\Encryption

The construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value...

CVE-2019-19065

A memory leak in the sdmainit function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service memory consumption by triggering rhashtableinit failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability because...

UBUNTU-CVE-2019-19067

Four memory leaks in the acphwinit function in drivers/gpu/drm/amd/amdgpu/amdgpuacp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service memory consumption by triggering mfdaddhotplugdevices or pmgenpdadddevice failures, aka CID-57be09c6e874. NOTE: third parties dispute...