FreeBSD : Gitlab -- Multiple Vulnerabilities (1aa7a094-1147-11ea-b537-001b217b3468)
Gitlab reports: Path traversal with potential remote code execution; Private objects exposed through project import; Disclosure of notes via Elasticsearch integration; Disclosure of comments via Elasticsearch integration; DNS Rebind SSRF in various chat notifications; Disclosure of vulnerability stat...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Path traversal with potential remote code execution; Private objects exposed through project import; Disclosure of notes via Elasticsearch integration; Disclosure of comments via Elasticsearch integration; DNS Rebind SSRF in various chat notifications; Disclosure of vulnerability statu...
CVE-2011-3632
Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks...
Prototype Pollution
Overview: All versions of reggae are vulnerable to prototype pollution. The function set does not restrict the modification of an Object's prototype, which may allow a malicious user to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently available...
The vulnerability in the web interface of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition systems allows a perpetrator to disclose protected information or cause service failures.
The vulnerability of the Web interface for Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to disclose...
Sandbox Breakout / Arbitrary Code Execution
Overview: All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through Error objects. This may allow attackers to execute arbitrary code in the system. Evaluating the payload function var ex = new Erro...
Microsoft ActiveX Data Objects Remote Code Execution (CVE-2019-0888)
A use-after-free vulnerability exists in ActiveX Data Objects. This vulnerability is due to the way that ActiveX Data Objects (ADO) handles objects in memory. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2019-42431)
SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. A cross-site scripting vulnerability exists in SAP Business Objects...
Microsoft Windows Multiple Vulnerabilities (KB4525241)
This host is missing a critical security update according to Microsoft KB4525241. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...
Microsoft Office Information Disclosure Vulnerability (CNVD-2020-20380)
Microsoft Office is an office software suite of products from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, and so on. An information disclosure vulnerability exists in Microsoft Office, which stems from the program's...
CVE-2019-1406
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'...
CVE-2019-1395
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434...
CVE-2019-1392
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'...
CVE-2019-1390
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'...
CVE-2019-1394
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434...
CVE-2019-1393
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434...
Privilege escalation
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1437, CVE-2019-1438...
Information disclosure
An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'...
CVE-2019-1448
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'...
Windows GDI Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could explo...