CVE-2019-3884

A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected...

CVE-2019-3884

A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected...

SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2019-25982)

SAP BusinessObjects Business Intelligence Platform is a suite of bookstore intelligence software and enterprise performance solutions from Germany's SAP. The product features report generation, analytics and data visualization. A cross-site scripting vulnerability exists in SAP BusinessObjects...

iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects

The class NSDataFileBackedFuture can be deserialized even if secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the NSData bytes selector is called. This presents two problems. First, it could potentially allow undesired access to local...

CVE-2019-1119

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124,...

CVE-2019-1118

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124,...

Apple Safari FloatingObjects Memory Misreference Vulnerability

Safari is a web browser developed by Apple and built into macOS and OS X. It is also the default browser built into iOS. A security vulnerability exists in the handling of GraphicsContext objects in Apple Safari. The vulnerability stems from a failure to validate the existence of an object before...

openSUSE Security Update : live555 (openSUSE-2019-1797)

This update for live555 fixes the following issues : - CVE-2019-9215: Malformed headers could have lead to invalid memory access in the parseAuthorizationHeader function. boo1127341 - CVE-2019-7314: Mishandled termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up could have lead ...

DEBIAN-CVE-2019-9816

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...

CVE-2019-9816

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...

DEBIAN-CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

ALPINE-CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

CVE-2019-9816

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

CVE-2019-11707

CVE-2019-11707 is a type confusion vulnerability in Mozilla Firefox/Thunderbird caused by issues in Array.pop when manipulating JavaScript objects, leading to an exploitable crash. It affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird

Security update for live555 (moderate)

openSUSE Security Update: Security update for live555 Announcement ID: openSUSE-SU-2019:1797-1 Rating: moderate References: 1121995 1124159 1127341 Cross-References: CVE-2019-7314 CVE-2019-9215 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15 An update that solve...

jackson-databind: improper polymorphic deserialization of types from Jodd-db library

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...

PT-2019-16984 · Hewlett Packard +2 · Hp-Ux +2

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect version 7.1 Description: The issue affects the backup or archive operation of HP-UX VxFS objects. If an object has more than twelve Access Control List ACL entries, the IBM Spectrum Protect client silently skips these...

CVE-2019-3970

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data direct...