Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

PYSEC-2019-41

psutil aka python-psutil through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object...

iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address

During processing of incoming iMessages, attacker controlled data is deserialized using the NSUnarchiver API. One of the classes that is allowed to be decoded from the incoming data is NSDictionary. However, due to the logic of NSUnarchiver, all subclasses of NSDictionary that also implement secu...

EulerOS 2.0 SP5 : sssd (EulerOS-SA-2019-2190)

According to the version of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the...

Moderate: Red Hat Security Advisory: rh-python36-python security, bug fix, and enhancement update

An update for rh-python36-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Mozilla Firefox ESR < 31.4 Multiple Vulnerabilities

Binary data 701250.prm...

JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects Exploit

The following sample was found by Fuzzilli and then slightly modified. It crashes JSC in debug builds: function main const v2 = 1337,1337; const v3 = 1337,v2,v2,0; Object.proto = v3; for let v10 = 0; v10 inheritscell-JSC::JSCell::vm, std::removepointer::type::info ../../So...

RHEL 8 : sssd (RHSA-2019:3651)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3651 advisory. The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It...

sssd: improper implementation of GPOs due to too restrictive permissions

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access...

numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have...

squid:4 security and bug fix update

An update is available for libecap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Squid is a high-performance proxy caching server for web clients, supporting...

JSC Argument Object Reconstruction Type Confusion

JSC: Type confusion during bailout when reconstructing arguments objects The following sample was found by Fuzzilli and then slightly modified. It crashes JSC in debug builds: function main const v2 = 1337,1337; const v3 = 1337,v2,v2,0; Object.proto = v3; for let v10 = 0; v10...

JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects

The following sample was found by Fuzzilli and then slightly modified. It crashes JSC in debug builds: function main const v2 = 1337,1337; const v3 = 1337,v2,v2,0; Object.proto = v3; for let v10 = 0; v10 inheritscell-JSC::JSCell::vm, std...

JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects

JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects The following sample was found by Fuzzilli and then slightly modified. It crashes JSC in debug builds: function main const v2 = 1337,1337; const v3 = 1337,v2,v2,0; Object.proto = v3; for let v10 = 0; v10...

Mozilla: Unintended access to a privileged JSONView object

A vulnerability was found in Mozilla Firefox and Thunderbird. Privileged JSONView objects that have been cloned into content can be accessed using a form with a data URI. This flaw bypasses existing defense-in-depth mechanisms and can be exploited over the network...

Medium: sssd

Issue Overview: A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.CVE-2018-16838 A vulnerability was found in sss...

CVE-2019-15939

A divide by zero vulnerability was found in OpenCV in the way HOGDescriptor objects are created by loading their properties from a local file. Local files with no "cellSize" property may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially crafted file tha...

jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks...

NewStart CGSL CORE 5.04 / MAIN 5.04 : sssd Multiple Vulnerabilities (NS-SA-2019-0195)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sssd packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' the root directory instead of '' the emp...

SUSE SLED12 / SLES12 Security Update : binutils (SUSE-SU-2019:2650-1)

This update for binutils fixes the following issues : binutils was updated to current 2.32 branch @7b468db3 jscECO-368 : Includes the following security fixes : CVE-2018-17358: Fixed invalid memory access in bfdstabsectionfindnearestline in syms.c bsc1109412 CVE-2018-17359: Fixed invalid memory...