
2292 matches found

RedHat Linux
added 2019/02/12 2:46 a.m. | 2 views

chromium-browser: Use after free in HTML select elements

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

CVSS: 9.6 | AI score: 7.4 | EPSS: 0.01563
Exploits: 0 | References: 5

RedHat Linux
added 2019/02/12 2:46 a.m. | 183 views

Critical: Red Hat Security Advisory: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

CVSS: 9.6 | AI score: 7.2 | EPSS: 0.74826
Exploits: 4 | References: 30

RedhatCVE
added 2019/01/30 10:26 a.m. | 26 views

CVE-2019-5759

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

CVSS: 9.6 | AI score: 8.4 | EPSS: 0.01563
Exploits: 0 | References: 3

Google Chrome Security Advisories
added 2019/01/29 12:0 a.m. | 40 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 72 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 72.0.3626.81 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...

CVSS: 9.6 | AI score: 8.8 | EPSS: 0.74826
Exploits: 5 | Affected Software: 1

Exploit DB
added 2019/01/28 12:0 a.m. | 126 views

ResourceSpace 8.6 - 'collection_edit.php' SQL Injection

Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=&copy=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...

AI score: 7.4
Exploits: 0

RedHat Linux
added 2019/01/24 11:11 p.m. | 4 views

Mozilla: Use-after-free with select element

A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.4, Firefox ESR 60.4, and Firefox 64...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.30298
Exploits: 0 | References: 5

OSV
added 2019/01/15 7:29 a.m. | 1 views

CVE-2019-6289

uploads/include/dialog/selectsoft.php in DedeCMS V57UTF8SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.00909
Exploits: 0 | References: 1

CNVD
added 2019/01/15 12:0 a.m. | 2 views

DedeCMS Arbitrary PHP Code Execution Vulnerability (CNVD-2019-04908)

Desdev DedeCMS (Dream Weaving Content Management System) is an open-source PHP website content management system (CMS) from China's Zhuozhuo Network Desdev Technology Co., Ltd., covering content publishing, editing, management and retrieval. A security vulnerability exists in...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.00909
Exploits: 0 | References: 1

Tenable Nessus
added 2018/12/20 12:0 a.m. | 279 views

Amazon Linux 2 : kernel (ALAS-2018-1133)

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation removal. The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. CVE-2018-16862 An issue wa...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00082
Exploits: 0 | References: 4

CNVD
added 2018/12/17 12:0 a.m. | 2 views

Desdev DedeCMS File Upload Vulnerability

Desdev DedeCMS (Dream Weaving Content Management System) is an open-source PHP website content management system (CMS) from China's Zhuozhuo Network Desdev Technology Co., Ltd., covering content publishing, editing, management and retrieval. Desdev DedeCMS 5.7 SP2 version of the...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.69561
Exploits: 1 | References: 1

NVD
added 2018/12/14 4:29 p.m. | 10 views

CVE-2018-1977

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.00245
Exploits: 0 | References: 3

OSV
added 2018/12/14 4:29 p.m. | 1 views

CVE-2018-1977

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00245
Exploits: 0 | References: 3

Prion
added 2018/12/14 4:29 p.m. | 15 views

Denial of service

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032...

CVSS: 4 | AI score: 6.2 | EPSS: 0.00245
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2018/12/11 11:0 p.m. | 13 views

CVE-2018-2497

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...

AI score: 3.9 | EPSS: 0.00216
Exploits: 0 | References: 3

CVE
added 2018/12/11 11:0 p.m. | 45 views

CVE-2018-2497

SAP HANA audit logs fail to record SELECT events when they appear as part of CREATE TABLE AS SELECT in versions 1.0 and 2.0. This could leave such statements partially unlogged, limiting audit visibility for these CREATE TABLE AS SELECT constructs. The provided documents do not include a patch/r...

CVSS: 4 | AI score: 4.2 | EPSS: 0.00216
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2018/12/11 10:29 p.m. | 13 views

CVE-2018-2497

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...

CVSS: 4 | AI score: 3.9 | EPSS: 0.00216
Exploits: 0 | References: 3

Prion
added 2018/12/11 10:29 p.m. | 17 views

Code injection

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...

CVSS: 4 | AI score: 4.2 | EPSS: 0.00216
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2018/12/11 10:29 p.m. | 1 views

CVE-2018-2497

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...

CVSS: 2.7 | AI score: 5.8
Exploits: 0 | References: 3

IBM Security Bulletins
added 2018/11/28 11:5 p.m. | 24 views

Security Bulletin: IBM® Db2®'s RCAC rules are not being enforced by CTAS sub-select statements (CVE-2018-1857).

Summary: Db2's Row and Column Access Control (RCAC) rules are not being enforced when creating a table using AS CTAS sub-select statements. RCAC is not enforced when Db2 uses the 'WITH DATA' clause to select and insert data into the target table. Vulnerability Details: CVEID: CVE-2018-1857 DESCRIPTIO...

CVSS: 6.5 | EPSS: 0.00349
Exploits: 0 | Affected Software: 1

CNVD
added 2018/11/07 12:0 a.m. | 2 views

PbootCMS Arbitrary PHP Code Execution Vulnerability

PbootCMS is a new core open source enterprise building system developed by Avantech. An arbitrary PHP code execution vulnerability exists in PbootCMS 1.2.2. A remote attacker can exploit this vulnerability by specifying a .php file name in the "SET GLOBAL general_log_file" statement and a subsequen...

CVSS: 7.2 | AI score: 7.7 | EPSS: 0.00883
Exploits: 1 | References: 1