openSUSE: Security Advisory for sssd (openSUSE-SU-2019:1576-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : sssd (openSUSE-2019-1576)

This update for sssd fixes the following issues : Security issue fixed : - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation bsc1124194. Non-security issue fixed : - Create directory to download and cache GPOs bsc1132879 This update was imported fro...

Security update for sssd (moderate)

openSUSE Security Update: Security update for sssd Announcement ID: openSUSE-SU-2019:1589-1 Rating: moderate References: 1124194 1132657 1132879 1135247 Cross-References: CVE-2018-16838 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that solves one vulnerability and has three...

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

VulnCheck KEV: CVE-2019-11707

Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash...

Mozilla Firefox < 67.0.3

The version of Firefox installed on the remote Windows host is prior to 67.0.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-18 advisory. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for a...

Mozilla Firefox < 67.0.3

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 67.0.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-18 advisory. - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can...

SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2019:1480-1)

This update for sssd fixes the following issues : Security issue fixed : CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation bsc1124194 Non-security issues fixed: Missing GPOs directory could have led to login problems bsc1132879 Fix a crash by adding...

Microsoft Edge Buffer Overflow Vulnerability (CNVD-2019-27395)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A buffer overflow vulnerability exists in the way the Chakra scripting engine handles memory objects in Microsoft Edge. An attacker could exploit this vulnerability to execute arbitrary...

Microsoft Edge Buffer Overflow Vulnerability (CNVD-2019-27396)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A buffer overflow vulnerability exists in the way the Chakra scripting engine in Microsoft Edge handles in-memory objects. The vulnerability originates when a web system or product perfor...

SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2019:1477-1)

This update for sssd fixes the following issues : Security issue fixed : CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation bsc1124194. Non-security issue fixed: Create directory to download and cache GPOs bsc1132879 Note that Tenable Network Securit...

SUSE SLED15 / SLES15 Security Update : sssd (SUSE-SU-2019:1476-1)

This update for sssd fixes the following issues : Security issue fixed : CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation bsc1124194. Non-security issues fixed: Allow defaults sudoRole without sudoUser attribute bsc1135247 Missing GPOs directory...

SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2019-34745)

SAP BusinessObjects Business Intelligence Platform is a suite of bookstore intelligence software and enterprise performance solutions from Germany's SAP. The product features report generation, analytics and data visualization. A cross-site scripting vulnerability exists in SAP BusinessObjects...

CVE-2019-0305

Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...

SUSE-SU-2019:1480-1 Security update for sssd

This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation bsc1124194 Non-security issues fixed: - Missing GPOs directory could have led to login problems bsc1132879 - Fix a crash by...

CVE-2019-1017

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

CVE-2019-0984

An elevation of privilege vulnerability exists when the Windows Common Log File System CLFS driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have...

CVE-2019-0909

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...

CVE-2019-0888

A remote code execution vulnerability exists in the way that ActiveX Data Objects ADO handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges. An attacker could craft a website that exploits the vulnerabilit...

CVE-2019-0888

A remote code execution vulnerability exists in the way that ActiveX Data Objects ADO handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges. An attacker could craft a website that exploits the vulnerabilit...