CVE-2019-0346

Unencrypted communication error in SAP Business Objects Business Intelligence Platform Central Management Console, version 4.2, leads to disclosure of list of user names and roles imported from SAP NetWeaver BI systems, resulting in Information Disclosure...

CVE-2019-0334

When creating a module in SAP BusinessObjects Business Intelligence Platform BI Workspace, versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other...

CVE-2019-0331

Under certain conditions, SAP BusinessObjects Business Intelligence Platform BI Workspace, versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to Information Disclosure...

Information disclosure

Unencrypted communication error in SAP Business Objects Business Intelligence Platform Central Management Console, version 4.2, leads to disclosure of list of user names and roles imported from SAP NetWeaver BI systems, resulting in Information Disclosure...

CVE-2019-0346

The CVE-2019-0346 entry concerns SAP Business Objects Business Intelligence Platform (Central Management Console) v4.2, where an unencrypted communication error can disclose the list of user names and roles imported from SAP NetWeaver BI systems. The affected component is the Central Management C...

Microsoft Edge Information Disclosure Vulnerability (CNVD-2019-27427)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. An information disclosure vulnerability exists in Microsoft Edge, which arises from the program failing to properly validate memory objects. An attacker could exploit the vulnerability to...

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

Microsoft Browser Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on ...

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...

PT-2019-3004 · Microsoft · Windows Graphics +1

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Graphics Component affected versions not specified Description: An information disclosure issue exists due to the improper handling of objects in memory by the Microsoft Windows Graphics Component. This could allow an attack...

PT-2019-3031 · Microsoft · Windows Kernel Image +1

Name of the Vulnerable Software and Affected Versions: Windows kernel image affected versions not specified Description: The issue is related to how the Windows kernel image handles objects in memory. An attacker could exploit this to execute code with elevated permissions by running a specially...

sssd: improper implementation of GPOs due to too restrictive permissions

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access...

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0159)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of...

NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0153)

The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafte...

NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0164)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed paren...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0160)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parsergetnextchar when processing certain email messages,...

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0161)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed paren...

Improper Access Restriction

sssd is vulnerable to improper access restriction. The vulnerability exists because it does not implement Group Policy Objects, resulting in too restrictive permissions.Therefore sssd allows authenticated users to login instead of denying access...

sssd: improper implementation of GPOs due to too restrictive permissions

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access...