A vulnerability in the XStream Java library for converting objects to XML or JSON format allows attackers to execute arbitrary commands due to deserialization of untrusted data.
The vulnerability in the XStream library for converting objects to XML or JSON format is related to deserialization of untrusted data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by interfering with the processing of XML objects or other support...
PT-2019-2994 · Microsoft · Windows Rdp Server +1
Name of the Vulnerable Software and Affected Versions: Windows RDP server (affected versions not specified). Description: An information disclosure issue exists due to the improper disclosure of the Windows RDP server's memory contents. This could allow an attacker to obtain information that could b...
Important: Red Hat Security Advisory: redis:5 security update
An update for the redis:5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: rh-redis32-redis security update
An update for rh-redis32-redis is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
DEBIAN-CVE-2019-5810
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
CVE-2019-12493
A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allo...
Stack overflow
A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allo...
A vulnerability in the Bouncy Castle cryptographic protection mechanism lies in the deserialization of untrusted data, allowing an attacker to execute arbitrary code.
The vulnerability in the Bouncy Castle cryptographic protection mechanism lies in the deserialization of untrusted data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted private key...
CVE-2019-12360
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump...
Stack overflow
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump...
A vulnerability in the jackson-databind library, related to deserialization of untrusted data, allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in the jackson-databind library relates to deserialization of untrusted data. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and availability of the protected information...
Security update for python-azure-agent (important)
openSUSE Security Update: Security update for python-azure-agent. Announcement ID: openSUSE-SU-2019:1106-1. Rating: important. References: 1127838. Cross-References: CVE-2019-0804. Affected Products: openSUSE Leap 15.0. An update that fixes one vulnerability is now available. Description: This update f...
A vulnerability in the ColdFusion software platform, related to deserialization of untrusted data, allows attackers to execute arbitrary code.
The vulnerability in the ColdFusion software platform lies in the deserialization of untrusted data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted query...
A vulnerability in the NumPy module for Python that allows an attacker to execute arbitrary code
The vulnerability in the NumPy module for Python is related to deserialization of untrusted data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
Internet Bug Bounty: Invalid Read on exif_process_SOFn
This bug is present in the exif_scan_thumbnail method of the ext/exif/exif.c file. A detailed description and steps to reproduce this bug are present in the bug report submitted to php.net. Bug Report: https://bugs.php.net/bug.php?id=77540 PHP version: 7.1.26 CVE-ID: 2019-9640 Impact: This bug may allow an...