
7682 matches found

BDU FSTEC
added 2023/10/27 12:00 a.m. · 1 view

The vulnerability in Avast Premium Security antivirus protection lies in its lack of access control mechanisms within isolated environments. This allows attackers to escalate their privileges and execute arbitrary code.

The vulnerability in Avast Premium Security antivirus protection lies in its lack of access control mechanisms in isolated environments when processing namespace objects. Exploiting this vulnerability can allow attackers to escalate their privileges and execute arbitrary code...

CVSS 7.8 · AI score 7.5 · EPSS 0.00107
Exploits: 0 · References: 3

Packet Storm
added 2023/10/27 12:00 a.m. · 495 views

phpFox 4.8.13 PHP Object Injection

phpFox = 4.8.13 redirect PHP Object Injection Vulnerability
- Software Link: https://www.phpfox.com
- Affected Versions: Version 4.8.13 and prior versions.
- Vulnerability...

AI score 7.1 · EPSS 0.00768
Exploits: 3

GithubExploit
added 2023/10/26 3:01 p.m. · 802 views

Exploit for Code Injection in Utoronto Pcrs

CVE-2023-46404 PCRS https://mcs.utm.utoronto.ca/pcrs/pcrs/...

CVSS 9.9 · AI score 9.8 · EPSS 0.35802
Exploits: 2

SUSE CVE
added 2023/10/25 1:00 a.m. · 1 view

SUSE CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

CVSS 7.8 · AI score 7.7 · EPSS 0.00015
Exploits: 0 · References: 10

CNNVD
added 2023/10/24 12:00 a.m. · 1 view

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 119 that stems from additional operations being performed on objects that should not be executed during garbage collection. This could lead to...

CVSS 7.5 · AI score 6.3 · EPSS 0.00525
Exploits: 0 · References: 17

OSV
added 2023/10/23 10:15 p.m. · 0 views

DEBIAN-CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

CVSS 7.8 · AI score 7.3 · EPSS 0.00015
Exploits: 0 · References: 1

Prion
added 2023/10/23 10:15 p.m. · 28 views

Double free

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

CVSS 4.3 · AI score 6.3 · EPSS 0.00015
Exploits: 0 · References: 5 · Affected Software: 2

Debian CVE
added 2023/10/23 9:58 p.m. · 47 views

CVE-2023-5633

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

CVSS 7.8 · AI score 7.9 · EPSS 0.00015
Exploits: 0

Tenable Nessus
added 2023/10/23 12:00 a.m. · 33 views

Ubuntu 16.04 ESM : CKEditor vulnerabilities (USN-5340-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5340-2 advisory. USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and...

CVSS 7.3 · AI score 6.6 · EPSS 0.65532
Exploits: 0 · References: 6

NCSC
added 2023/10/19 12:00 a.m. · 1 view

Vulnerabilities fixed in Oracle PeopleSoft

Vulnerabilities have been fixed in Oracle PeopleSoft. The vulnerabilities allow a malicious party to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS); access to sensitive data. Oracle has fixed the vulnerabilities in the following...

CVSS 9.8 · AI score 8.2 · EPSS 0.03797
Exploits: 6

NVD
added 2023/10/18 10:15 p.m. · 11 views

CVE-2023-45146

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

CVSS 10 · AI score 9.7 · EPSS 0.03195
Exploits: 0 · References: 2

Prion
added 2023/10/18 10:15 p.m. · 20 views

Remote code execution

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

CVSS 7.5 · AI score 9.8 · EPSS 0.03195
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2023/10/18 9:56 p.m. · 21 views

CVE-2023-45146 Remote code execution in XXL-RPC

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

CVSS 9 · AI score 9.1 · EPSS 0.03195
Exploits: 0 · References: 4

Vulnrichment
added 2023/10/18 9:56 p.m. · 17 views

CVE-2023-45146 Remote code execution in XXL-RPC

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

CVSS 9 · AI score 8.2 · EPSS 0.03195
Exploits: 0 · References: 1

OSV
added 2023/10/17 10:15 p.m. · 1 view

CVE-2023-22090

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Events & Notifications). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVSS 6.5 · AI score 5.8 · EPSS 0.0015
Exploits: 0 · References: 1

CVE
added 2023/10/17 9:03 p.m. · 63 views

CVE-2023-22090

CVE-2023-22090 affects Oracle PeopleSoft Enterprise CC Common Application Objects (component: Events & Notifications) version 9.2. The vulnerability arises from insufficient input validation in the CC Common Application Objects, allowing a low-privileged attacker with network access via HTTP to...

CVSS 6.5 · AI score 6.2 · EPSS 0.0015
Exploits: 0 · References: 1 · Affected Software: 1

Talos Blog
added 2023/10/17 12:00 p.m. · 21 views

Snapshot fuzzing direct composition with WTF

Cisco Talos has developed a custom fuzzer using the popular snapshot fuzzer "WTF" which targets Direct Composition in Windows. Talos vulnerability research team used Protocol Buffers developed by Google to serialize and deserialize test cases. The Bochscpu backend of WTF was patched and other...

AI score 7.1
Exploits: 0

CNNVD
added 2023/10/17 12:00 a.m. · 2 views

Oracle PeopleSoft Enterprise CC Common Application Objects Security Vulnerability

Oracle PeopleSoft Enterprise CC Common Application Objects is a Common Application Objects component from Oracle Corporation. A security vulnerability exists in Oracle PeopleSoft's PeopleSoft Enterprise CC Common Application Objects version 9.2, which originated when a low-privileged attacker who...

CVSS 6.5 · AI score 6.7 · EPSS 0.0015
Exploits: 0 · References: 2

CNNVD
added 2023/10/17 12:00 a.m. · 2 views

OpenFGA Resource Management Error Vulnerability

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. A security vulnerability exists in OpenFGA 1.3.3 and earlier versions, which results in a denial of service (DoS) when too many ListObjects calls are executed...

CVSS 7.5 · AI score 6.6 · EPSS 0.00069
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/17 12:00 a.m. · 3 views

PT-2023-29700 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 1.3.4 Description: OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number ...

CVSS 7.5 · AI score 6.8 · EPSS 0.00069
Exploits: 0 · References: 12