7696 matches found
CVE-2019-10912
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...
CVE-2019-0891
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-089...
Remote code execution
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-089...
CVE-2019-0930
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'...
Remote Code Execution (RCE)
RubyGems is vulnerable to remote code execution attacks. YAML deserialization of gem specifications can bypass class white lists. A remote, unauthenticated attacker could create specially crafted, serialized objects to be possibly used for remote code execution...
CVE-2019-0903
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’...
Microsoft Office Remote Code Execution Vulnerability (May 2019) - Mac OS X
This host is missing an important security update for Microsoft Office 2016/2019 on Mac OS X according to Microsoft security update May 2019.
Adobe Acrobat Reader DC EScript Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2019-0289
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted...
CVE-2019-0280
SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03) does not perform necessary authorization checks for authorization objects TDEALDP and TDEALPD, resulting in escalation of privileges...
CVE-2018-10115
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive...
Windows GDI Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could explo...
GDI+ Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or dele...
wildfly-core: Cross-site scripting (XSS) in JBoss Management Console
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users...
[SECURITY] Fedora 30 Update: rubygem-activerecord-5.2.3-1.fc30
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks...
(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoMsgServlet Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
Chrome 72.0.3626.119 FileReader Use-After-Free Exploit
This exploit takes advantage of a use after free vulnerability in Google Chrome 72.0.3626.119 running on Windows 7 x86. The FileReader.readAsArrayBuffer function can return multiple references to the same ArrayBuffer object, which can be freed and overwritten with sprayed objects. The dangling...
Google Android System objects.cc file remote code execution vulnerability
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance (OHA). A remote code execution vulnerability exists in the CalculateInstanceSizeForDerivedClass of the objects.cc file in Android. An attacker could exploit the vulnerability to execute code...
The vulnerability of the SAP NetWeaver software integration platform lies in errors in processing external XML objects during XML file analysis, which allows attackers to trigger service failures.
The vulnerability of the SAP NetWeaver software integration platform is related to errors in processing external XML objects during the analysis of XML files (XXE). Exploiting this vulnerability allows a malicious actor to cause service failures by using a specially crafted request...