
359 matches found

BDU FSTEC
added 2021/02/16 12:00 a.m. · 2 views

The vulnerability of the org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory component in the Jackson-databind library of the FasterXML project allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory component in the Jackson-databind library of the FasterXML project is related to the deserialization of untrusted data. Exploiting this vulnerability could allow an attacker to compromise the...

9.3 CVSS · 7 AI score · 0.38909 EPSS
Exploits 0 · References 11 · Affected Software 30

BDU FSTEC
added 2021/02/16 12:00 a.m. · 1 view

The vulnerability of the org.apache.commons_proxy_provider.remoting.RmiProvider component in the Jackson-databind library of the FasterXML project allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the org.apache.commonsproxyprovider.remoting.RmiProvider component in the Jackson-databind library of the FasterXML project is related to the deserialization of untrusted data. Exploiting this vulnerability can allow an attacker to compromise the confidentiality,...

9.3 CVSS · 7.4 AI score · 0.06772 EPSS
Exploits 0 · References 11 · Affected Software 31

BDU FSTEC
added 2021/02/16 12:00 a.m. · 2 views

The vulnerability of the ignite-jta class in the Jackson-databind library of the FasterXML project allows attackers to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the ignite-jta class in the Jackson-databind library of the FasterXML project is related to the deserialization of untrusted data. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of the protected...

9.3 CVSS · 7.1 AI score · 0.08792 EPSS
Exploits 1 · References 7 · Affected Software 27

BDU FSTEC
added 2021/02/16 12:00 a.m. · 1 view

The vulnerability of the Jackson-databind library in the FasterXML project allows attackers to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the Jackson-databind library in the FasterXML project relates to the deserialization of untrusted data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...

9.3 CVSS · 7.4 AI score · 0.01035 EPSS
Exploits 0 · References 11 · Affected Software 31

BDU FSTEC
added 2021/02/16 12:00 a.m. · 1 view

The vulnerability of the org.apache.openjpa.ee.WASRegistryManagedRuntime component in the Jackson-databind library of the FasterXML project allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the org.apache.openjpa.ee.WASRegistryManagedRuntime component in the Jackson-databind library of the FasterXML project is related to the deserialization of untrusted data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrit...

9.3 CVSS · 7.4 AI score · 0.60714 EPSS
Exploits 0 · References 10 · Affected Software 31

Tenable Nessus
added 2021/01/20 12:00 a.m. · 33 views

EulerOS 2.0 SP3 : poppler (EulerOS-SA-2021-1112)

According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by...

8.8 CVSS · 7.3 AI score · 0.00948 EPSS
Exploits 1 · References 3

CNNVD
added 2021/01/13 12:00 a.m. · 3 views

Multiple Palo Alto Networks Product Information Disclosure Vulnerabilities

Palo Alto Networks PAN-OS and others are products of Palo Alto Networks, Inc. Palo Alto Networks PAN-OS is a set of operating systems developed for its firewall appliances. Palo Alto Networks PA-200 is a firewall appliance. Palo Alto Networks PA-220 is a firewall appliance. An information disclosure...

4.3 CVSS · 6.1 AI score · 0.00088 EPSS
Exploits 15 · References 5

BDU FSTEC
added 2020/12/18 12:00 a.m. · 3 views

The vulnerability of the PHP framework Yii, related to the deserialization of untrusted data structures, allows attackers to execute arbitrary code.

The vulnerability of the PHP framework Yii is related to the deserialization of untrusted data structures. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS · 8.1 AI score · 0.93433 EPSS
Exploits 0 · References 7 · Affected Software 1

OSV
added 2020/12/17 5:15 p.m. · 2 views

CVE-2020-15292

Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to an out-of-bounds read, or it could cause DoS due to integer overflow (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficie...

5.5 CVSS · 5.8 AI score · 0.00045 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2020/10/14 12:00 a.m. · 1 view

Vulnerability of software packages for monitoring and data collection: MC Works64/MC Works32, FrameWorX server, centralized configuration environment for HMI-/SCADA applications, Platform Services software platform, GenBroker64/GenBroker32 application for managing access rights. This vulnerability allows a malicious actor to trigger a service failure.

The vulnerabilities of the software packages for supervisory control and data collection MC Works64/MC Works32, the FrameWorX server, the centralized configuration environment for HMI-/SCADA applications, the Platform Services software platform, and the GenBroker64/GenBroker32 application for...

7.8 CVSS · 7.2 AI score · 0.00201 EPSS
Exploits 0 · References 5 · Affected Software 7

BDU FSTEC
added 2020/10/14 12:00 a.m. · 2 views

Vulnerability of software packages for monitoring and data collection: MC Works64/MC Works32, FrameWorX server, centralized configuration environment for HMI-/SCADA applications, Platform Services software platform, GenBroker64/GenBroker32 application for managing access rights. This vulnerability allows a malicious actor to execute arbitrary code or trigger a service failure.

The vulnerabilities of the software packages for supervisory control and data collection, MC Works64/MC Works32, the FrameWorX server, the centralized configuration environment for HMI-/SCADA applications, the Platform Services software platform, and the GenBroker64/GenBroker32 application for...

10 CVSS · 7.1 AI score · 0.02869 EPSS
Exploits 0 · References 4 · Affected Software 7

Microsoft CVE
added 2020/09/25 7:00 a.m. · 3 views

A flaw was found in the fix for CVE-2019-11135 in Linux upstream kernel versions before 5.5, in the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0) but not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that the host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.

...

6.5 CVSS · 7 AI score · 0.00319 EPSS
Exploits 0

RedHat Linux
added 2020/09/14 4:23 p.m. · 3 views

chromium-browser: Insufficient policy enforcement in networking

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering...

4.3 CVSS · 7.3 AI score · 0.00883 EPSS
Exploits 0 · References 5

Positive Technologies
added 2020/09/08 12:00 a.m. · 4 views

PT-2020-3913 · Microsoft · Windows Active Directory Integrated Dns +1

Name of the Vulnerable Software and Affected Versions: Windows Active Directory integrated DNS ADIDNS (affected versions not specified). Description: An information disclosure issue exists due to the mishandling of objects in memory by Active Directory integrated DNS ADIDNS. This allows an...

6.8 CVSS · 6.5 AI score · 0.13826 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2020/07/31 12:00 a.m. · 2 views

The vulnerability of the PersistenceManager component in the Apache Tomcat application server allows a hacker to execute arbitrary code.

The vulnerability of the PersistenceManager component in the Apache Tomcat application server is related to the deserialization of untrusted data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted request...

7 CVSS · 7.3 AI score · 0.93325 EPSS
Exploits 15 · References 23 · Affected Software 15

CNVD
added 2020/07/20 12:00 a.m. · 2 views

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2020-43109)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An information disclosure vulnerability exists in the Microsoft Windows Kernel, which aris...

5.5 CVSS · 6.1 AI score · 0.00407 EPSS
Exploits 0 · References 1

CNVD
added 2020/07/13 12:00 a.m. · 2 views

Information Disclosure Vulnerability in Schneider Electric Modicon M580

The Modicon M580 is a programmable logic controller from Schneider Electric. An information disclosure vulnerability exists in the Schneider Electric Modicon M580, which can be exploited by an attacker to obtain arbitrary memory data...

6.5 AI score
Exploits 0

Mageia
added 2020/07/10 3:40 p.m. · 33 views

Updated xpdf packages fix security vulnerability

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump...

7.1 CVSS · 2.6 AI score · 0.00338 EPSS
Exploits 0 · References 2

OSV
added 2020/07/10 3:40 p.m. · 6 views

MGASA-2020-0291 Updated xpdf packages fix security vulnerability

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump...

7.1 CVSS · 7.2 AI score · 0.00338 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2020/05/26 12:00 a.m. · 1 view

The vulnerability of the Log4j Java logging library, related to the deserialization of untrusted data, allows a hacker to execute arbitrary code.

The vulnerability of the Log4j logging library in Java programs involves the deserialization of untrusted data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10 CVSS · 7.7 AI score · 0.28502 EPSS
Exploits 3 · References 6 · Affected Software 12