7696 matches found
HTML Injection
Overview: Versions of preact 10.x on prerelease tags alpha and beta prior to 10.0.0-beta.1 are vulnerable to HTML Injection. Due to insufficient input validation, the package allows attackers to inject JavaScript objects as virtual-dom nodes, which may lead to Cross-Site Scripting. This requires us...
Use-After-Free
Mozilla Firefox is vulnerable to a use-after-free vulnerability. This occurs during WebRTC session shutdown when DTLS objects in memory are freed while still actively in use, resulting in a potentially exploitable crash...
Use-After-Free
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
CVE-2019-9791
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary...
Type confusion
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary...
Oracle WebLogic Server wls9_async_response / wls-wsat Remote Code Execution
The version of Oracle WebLogic Server installed on the remote host is affected by a remote code execution vulnerability in the WLS9-async component due to unsafe deserialization of XML encoded Java objects. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execut...
GLib: Multiple vulnerabilities
Background: GLib is a library providing a number of GNOME’s core objects and functions. Description: Multiple vulnerabilities have been discovered in GLib. Please review the referenced bug for details. Impact: Please review the referenced bugs for details. Workaround: There is no known workaround at...
UBUNTU-CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native Object.prototype...
DEBIAN-CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native Object.prototype...
Vulnerability in Microsoft XML Core Services (MSXML) on the Windows operating system that allows an attacker to execute arbitrary code
The vulnerability in Microsoft XML Core Services (MSXML) in the Windows operating system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted web page from a remote...
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
Vulnerability in the XML parser of the Internet Explorer browser that allows an attacker to disclose protected information
The vulnerability in the XML parser of the Internet Explorer browser is related to a flaw in restricting XML references to external objects. Exploiting this vulnerability can allow an attacker to gain access to local files and disclose protected information using a specially crafted MHT file MHTML Web Archi...
Microsoft Internet Explorer Property Put Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Office Access Connectivity Engine Input Validation Error Vulnerability (CNVD-2019-27312)
Microsoft Office is an office software suite from the U.S. company Microsoft. Common components of the product include Word, Excel, Access, PowerPoint, FrontPage, etc. Office Access Connectivity Engine is one of its database connection engines. A remote code execution vulnerability...
CVE-2019-0844
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0840...
CVE-2019-0856
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'...
CVE-2019-0842
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'...
CVE-2019-0853
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'...
CVE-2019-0835
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory, aka 'Microsoft Scripting Engine Information Disclosure Vulnerability'...
CVE-2019-0828
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'...