Visualizer: Tables and Charts Manager for WordPress < 3.7.10 - Contributor+ PHAR Deserialization

The plugin does not validate the ‘remotedata’ parameter allowing contributor and above roles to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP objects when a POP chain is present...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

kernel: buffer overflow in IPsec ESP transformation code

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

Mozilla: Undesired attributes could be set as part of prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution...

The vulnerability of the Teamcenter product lifecycle management system lies in the improper restriction of XML references to external objects, which allows attackers to perform XXE attacks.

The vulnerability of the Teamcenter product lifecycle management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to perform XXE attacks remotely...

kernel: buffer overflow in IPsec ESP transformation code

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

Foxit PhantomPDF < 10.1.8 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 10.1.8. It is, therefore affected by multiple vulnerabilities: - Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash...

Stack overflow in rustc_serialize when parsing deeply nested JSON

When parsing JSON using json::Json::fromstr, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process. Example code that triggers the vulnerability is rust fn main let = rustcserialize::json::Json::fromstr&"0,".repeat10000;...

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

Security Updates for Microsoft Word Products C2R (August 2019)

A Microsoft Word product is missing security updates. It is, therefore, affected by the following vulnerability : - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability...

Security Updates for Microsoft Word Products C2R (April 2020)

The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs; view, change, or delete data;...

kernel: buffer overflow in IPsec ESP transformation code

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

June 7, 2022, update for Office 2016 (KB5002182)

June 7, 2022, update for Office 2016 KB5002182 This article describes update 5002182 for Microsoft Office 2016 that was released on June 7, 2022.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to Offi...

CVE-2020-6220

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. Exploit is possible only when the bttoken in victim’s session is active...

CVE-2020-6220

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. Exploit is possible only when the bttoken in victim’s session is active...

Cross site scripting

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. Exploit is possible only when the bttoken in victim’s session is active...

CVE-2020-6220

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. Exploit is possible only when the bttoken in victim’s session is active...