SAP BusinessObjects Business Intelligence XML External Entity Injection Vulnerability
SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from Germany's SAP. The product features report generation, analytics and data visualization. A security vulnerability exists in SAP BusinessObjects Business...
Microsoft Windows kernel information disclosure vulnerability (CNVD-2019-22225)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Windows Kernel is one of the Windows system kernels. An information disclosure vulnerabili...
Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2019-22221)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Windows Kernel is one of the Windows system kernels. An information disclosure vulnerabili...
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access Exploit
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access. For constructors, Spidermonkey implements a "definite property analysis" [1] to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the final...
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access
For constructors, Spidermonkey implements a "definite property analysis" [1] to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the final Shape. As such, at the entrypoint of the constructor the construct...
DirectWrite Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts wi...
Windows GDI Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could explo...
Win32k Information Disclosure Vulnerability
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log ...
DirectWrite Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts wi...
Windows GDI Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could explo...
The vulnerability of the Strife NT information protection system driver, related to deficiencies in access control, allows unauthorized access to information about file system objects.
The vulnerability of the Data Protection System’s driver for unauthorized access is related to deficiencies in access control for attributes of file system objects. Exploiting this vulnerability allows an intruder, operating locally, to gain unauthorized access to information about file system...
Foxit Reader AcroForm deleteItemAt Remote Code Execution Vulnerability
Foxit Reader (formerly Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. Foxit Reader is free to use; it runs mainly on Microsoft Windows, and as long as there is a Win32 implementation of the...
Security Bulletin: Remote code execution in WebSphere Application Server ND (CVE-2019-4279)
Summary There is a remote code execution vulnerability in WebSphere Application Server Network Deployment. Vulnerability Details CVEID: CVE-2019-4279 DESCRIPTION: IBM WebSphere Application Server ND could allow a remote attacker to execute arbitrary code on the system with a specially-crafted...
[SECURITY] Fedora 30 Update: drupal7-uuid-1.3-1.fc30
This module provides an API for adding universally unique identifiers (UUID) to Drupal objects, most notably entities. This package provides the following Drupal modules: uuid, uuidpath, uuidservices, uuidservicesexample...
Prototype Pollution
assign-deep is vulnerable to prototype pollution. It does not validate the keys returned by Object.keys before assigning them to the target object, therefore allowing an attacker to inject properties and objects into existing construct prototype...
Exploit for CVE-2019-0888
CVE-2019-0888 PoC for CVE-2019-0888 - Us...
The vulnerability of the application programming interface for accessing ActiveX Data Objects in Windows operating systems arises from errors in object handling in memory, allowing attackers to execute arbitrary code.
The vulnerability of the application programming interface for accessing ActiveX Data Objects (ADO) on Windows operating systems is related to errors in object handling in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
openSUSE Security Update : sssd (openSUSE-2019-1589)
This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation bsc1124194. Non-security issues fixed: - Allow defaults sudoRole without sudoUser attribute bsc1135247 - Missing GPOs...
openSUSE: Security Advisory for sssd (openSUSE-SU-2019:1589-1)
The remote host is missing an update for the...
OPENSUSE-SU-2019:1589-1 Security update for sssd
This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation bsc1124194. Non-security issues fixed: - Allow defaults sudoRole without sudoUser attribute bsc1135247 - Missing GPOs director...