Microsoft Edge Scripting Engine is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
Adobe Acrobat and Reader are prone to an unspecified memory corruption vulnerability. Attackers can exploit the vulnerability to corrupt code, hijack control flow, or leak information.
A type confusion vulnerability was discovered in Microsoft Internet Explorer and Microsoft Edge. A successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote system.
Microsoft Internet Explorer is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
Joomla Core is prone to multiple security-bypass vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
Microsoft Internet Explorer is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Microsoft Edge is prone to an unspecified memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application.
Microsoft Internet Explorer and Edge are prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
What is the current state of SCADA vulnerabilities? Staying informed is essential in the fight against exploits and cyberattacks with real-world consequences.
Patch now: Two Chrome zero-days were reported, one of them actively exploited in a campaign. Meanwhile, BlueKeep was initially reported as being used in the wild to install a malicious Monero miner.
Administrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors remotely execute code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.