
7688 matches found

BDU FSTEC
added 2023/11/01 12:0 a.m., 2 views

The vulnerability of the SAP Business Objects Business Intelligence Platform lies in its ability to download files of a dangerous type without limit, allowing attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the SAP Business Objects Business Intelligence Platform relates to the unlimited loading of files of a sensitive type. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and integrity of the protected information...

CVSS 8.7, AI score 7.2, EPSS 0.0027
Exploits 0, References 3, Affected Software 1
RedHat Linux
added 2023/10/31 2:6 p.m., 1 view

scipy: use-after-free in Py_FindObjects() function

A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a use-after-free bug in the PyFindObjects function. By sending a specially crafted request, an attacker can cause a denial of service condition...

CVSS 9.8, AI score 5.8, EPSS 0.00311
Exploits 1, References 6
RedHat Linux
added 2023/10/31 1:5 p.m., 3 views

tomcat: improper cleaning of recycled objects could lead to information leak

A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...

CVSS 5.3, AI score 6.8, EPSS 0.00692
Exploits 1, References 6
BDU FSTEC
added 2023/10/27 12:0 a.m., 2 views

The vulnerability of the Events & Notifications sub-component of the PeopleSoft Enterprise CC Common Application Objects component of the Oracle PeopleSoft Products allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the Events & Notifications sub-component of the PeopleSoft Enterprise CC Common Application Objects component in the Oracle PeopleSoft Products suite of business applications is related to insufficient validation of input data. Exploiting this vulnerability may allow an...

CVSS 6.8, AI score 6.5, EPSS 0.0015
Exploits 0, References 4, Affected Software 1
BDU FSTEC
added 2023/10/27 12:0 a.m., 1 view

The vulnerability of the Avast Premium Security antivirus protection lies in its lack of access control mechanisms within isolated environments. This allows attackers to escalate their privileges and execute arbitrary code.

The vulnerability of the Avast Premium Security antivirus protection lies in its lack of access control mechanisms in isolated environments when processing namespace objects. Exploiting this vulnerability can allow attackers to escalate their privileges and execute arbitrary code...

CVSS 7.8, AI score 7.5, EPSS 0.00107
Exploits 0, References 3
Packet Storm
added 2023/10/27 12:0 a.m., 496 views

phpFox 4.8.13 PHP Object Injection

phpFox = 4.8.13 redirect PHP Object Injection Vulnerability
- Software Link: https://www.phpfox.com
- Affected Versions: Version 4.8.13 and prior versions.
- Vulnerability...

AI score 7.1, EPSS 0.00768
Exploits 3
GithubExploit
added 2023/10/26 3:1 p.m., 803 views

Exploit for Code Injection in Utoronto Pcrs

CVE-2023-46404 PCRS https://mcs.utm.utoronto.ca/pcrs/pcrs/...

CVSS 9.9, AI score 9.8, EPSS 0.35802
Exploits 2
SUSE CVE
added 2023/10/25 1:0 a.m., 2 views

SUSE CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

CVSS 7.8, AI score 7.7, EPSS 0.00015
Exploits 0, References 10
CNNVD
added 2023/10/24 12:0 a.m., 1 view

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 119 that stems from additional operations being performed on objects that should not be executed during garbage collection. This could lead to...

CVSS 7.5, AI score 6.3, EPSS 0.00525
Exploits 0, References 17
OSV
added 2023/10/23 10:15 p.m., 0 views

DEBIAN-CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

CVSS 7.8, AI score 7.3, EPSS 0.00015
Exploits 0, References 1
Prion
added 2023/10/23 10:15 p.m., 28 views

Double free

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

CVSS 4.3, AI score 6.3, EPSS 0.00015
Exploits 0, References 5, Affected Software 2
Debian CVE
added 2023/10/23 9:58 p.m., 47 views

CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

CVSS 7.8, AI score 7.9, EPSS 0.00015
Exploits 0
Tenable Nessus
added 2023/10/23 12:0 a.m., 33 views

Ubuntu 16.04 ESM : CKEditor vulnerabilities (USN-5340-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5340-2 advisory. USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and...

CVSS 7.3, AI score 6.6, EPSS 0.65532
Exploits 0, References 6
NCSC
added 2023/10/19 12:0 a.m., 1 view

Vulnerabilities fixed in Oracle PeopleSoft

Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS), access to sensitive data. Oracle has fixed the vulnerabilities in the following...

CVSS 9.8, AI score 8.2, EPSS 0.03797
Exploits 6
NVD
added 2023/10/18 10:15 p.m., 11 views

CVE-2023-45146

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

CVSS 10, AI score 9.7, EPSS 0.03195
Exploits 0, References 2
Prion
added 2023/10/18 10:15 p.m., 20 views

Remote code execution

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

CVSS 7.5, AI score 9.8, EPSS 0.03195
Exploits 0, References 1, Affected Software 1
OSV
added 2023/10/18 9:56 p.m., 22 views

CVE-2023-45146 Remote code execution in XXL-RPC

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

CVSS 9, AI score 9.1, EPSS 0.03195
Exploits 0, References 4
Vulnrichment
added 2023/10/18 9:56 p.m., 17 views

CVE-2023-45146 Remote code execution in XXL-RPC

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

CVSS 9, AI score 8.2, EPSS 0.03195
Exploits 0, References 1
OSV
added 2023/10/17 10:15 p.m., 1 view

CVE-2023-22090

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft component: Events & Notifications. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVSS 6.5, AI score 5.8, EPSS 0.0015
Exploits 0, References 1
CVE
added 2023/10/17 9:3 p.m., 63 views

CVE-2023-22090

CVE-2023-22090 affects Oracle PeopleSoft Enterprise CC Common Application Objects (component: Events & Notifications) version 9.2. The vulnerability arises from insufficient input validation in the CC Common Application Objects, allowing a low-privileged attacker with network access via HTTP to...

CVSS 6.5, AI score 6.2, EPSS 0.0015
Exploits 0, References 1, Affected Software 1