7696 matches found
DEBIAN-CVE-2019-6454
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to...
Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary...
Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary code with elevated permissions on a target system. (C) Tenable Network Security,...
HackerOne: Moving a report to a different program doesn't reassign the Custom Field Values
When a report is moved to a different program, all associated objects are either removed or copied to the new program. During an internal security review of the Custom Fields feature it was observed that this isn't the case for Custom Field Values. This means that even after a report has moved, t...
Prototype Pollution
safer-eval is vulnerable to prototype pollution. A lack of validation allows an attacker to inject arbitrary objects using Object.constructor to execute arbitrary code...
Windows Kernel Logic Bug Class: Access Mode Mismatch in IO Manager
Posted by James Forshaw, Project Zero. This blog post is an in-depth look at an interesting logic bug class in the Windows Kernel and what I did to try to get it fixed with our partners at Microsoft. The maximum impact of the bug class is local privilege escalation if kernel and driver developers...
Microsoft Edge Security Bypass Vulnerability (CNVD-2019-07241)
Microsoft Edge is a web browser from the American company Microsoft that comes with Windows 10 and later systems. A security bypass vulnerability exists in Microsoft Edge that stems from the Click2Play protection feature incorrectly handling Flash objects. An attacker could use this vulnerability to...
Microsoft Windows Privilege Access Control Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, USA. Microsoft Windows is a set of operating systems for personal devices. Microsoft Windows Server is a set of server operating systems. win32k is the kernel...
Microsoft Patch Tuesday — March 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 64 vulnerabilities, 17 of which are rated “critical,” 45 that are considered “important” and one “moderate” and “low” vulnerability each. This...
Windows Subsystem for Linux Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially...
Microsoft Edge Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the bypass vulnerability in conjunction with another...
Windows ActiveX Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Arbitrary Code Execution
GraniteDS is vulnerable to arbitrary code execution. It fails to prevent the instantiation of untrusted objects via a public parameter-less constructor and the calling of arbitrary Java Beans setter methods, thereby allowing an attacker to send malicious Java objects with pre-set properties, leading to arbitra...
CVE-2019-0661
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0621, CVE-2019-0663...
CVE-2019-0656
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'...
CVE-2019-0621
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0661, CVE-2019-0663...
CVE-2019-0601
An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0600...
Remote code execution
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0662...
(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoDebugServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoDebugServlet Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...