ARC Informatique PcVue (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ARC Informatique Equipment: PcVue Vulnerabilities: Deserialization of Untrusted Data, Access to Critical Private Variable via Public Method, Information Exposure of Sensitive Information to an...

CVE-2019-14079

Access to the uninitialized variable when the driver tries to unmap the dma buffer of a request which was never mapped in the first place leading to kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables i...

Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform Exploit

https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cppL743 case GetByVal: ... unsigned numberOfArgumentsToSkip = 0; if candidate-op == PhantomCreateRest numberOfArgumentsToSkip = candidate-numberOfArgumentsToSkip;...

Webkit JSC JIT ArgumentsEliminationPhase::transform Uninitialized Variable Access

https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cppL743 case GetByVal: ... unsigned numberOfArgumentsToSkip = 0; if candidate-op == PhantomCreateRest numberOfArgumentsToSkip = candidate-numberOfArgumentsToSkip;...

Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform

https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cppL743 case GetByVal: ... unsigned numberOfArgumentsToSkip = 0; if candidate-op == PhantomCreateRest numberOfArgumentsToSkip = candidate-numberOfArgumentsToSkip;...

Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform

Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cppL743 case GetByVal: ... unsigned numberOfArgumentsToSkip = 0; if...

Ubuntu 16.04 LTS : web2py vulnerabilities (USN-4030-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4030-1 advisory. It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform...

Design/Logic Flaw

In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. These permissions are only used in custom...

CVE-2018-10581

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...

CVE-2017-9677

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msmcomprioctlshared, variable "ddp-paramslength" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, ra...

Web application security vulnerability analysis and prevention（ASP article-the vulnerability warning-the black bar safety net

In previous articles we have for common Web security vulnerabilities and prevention methods are analyzed and described, and learn to Web security vulnerability of the website's security operations as well as corporate sensitive information anti-leakage effect is huge, so effective against Web...

Web application security vulnerability analysis and prevention（PHP article-the vulnerability warning-the black bar safety net

PHP is the current Internet environment in the most mainstream of dynamic website development script language, using PHP development of Web application security is also a hacker like the focus of attention. This article will by source code analysis a way to use PHP to write Web application securi...

Denial of service

SystemTap 1.4 and earlier, when unprivileged aka stapusr mode is enabled, allows local users to cause a denial of service divide-by-zero error and OOPS via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access...

OpenJDK private variable information disclosure (6777487)

The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted 1 applet or 2 application...